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Interop  News 


Cisco  hedging  its  bets 
with  WLAN  game  plan 


More  Interop  coverage  inside 

Network  management  vendors  to  show  off  apps-aware  tools.  Page  12. 
Vendors  to  demo  desktop  policy  enforcement  technology.  Page  14. 

SSL  VPN,  intrusion-prevention  gear  on  tap.  Page  14. 
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Exclusive  coverage  of  InteropNet  Labs 
as  engineers  drill  down  into  SIP 
[  interoperability,  secure  access  and 
open  source  integration.  Page  52. 


Go  to  www.networkworld.com,  DocFinder:  6948,  for  more 
show  coverage  this  week. 


Avaya  aims  to  boost 
VoIP  performance 


Hooked  on 
photonics 

BBN  researcher  builds 
hack-proof  quantum 
cryptography  network 
that  uses  photons  to 
generate  secure  keys. 

■  BY  AMY  SCHURR 

CAMBRIDGE,  MASS.  — 
Chip  Elliott  is  every 
hacker’s  worst  night¬ 
mare. 

Elliott,  principal  scientist  at 
BBN  Technologies,  leads  a 
team  building  the  world’s 
first  continuously  operating 
quantum  cryptography  net¬ 
work,  a  12-mile  snoop-proof 
glass  loop  under  the  streets 
See  Cryptography,  page  10 
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Chip  Elliott 

says  enter¬ 

prise  deploy¬ 
ments  should 
begin  in  a 
few  years. 
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■  BY  JOHN  COX  AND 
PHIL  HOCHMUTH 

Cisco  last  week  finally  answered 
customer  questions  on  whether 
they  should  stick  with  Cisco’s  cur¬ 
rent  and  pricey  wireless  LAN  pro¬ 
duct  plan  or  embrace  the  WLAN 
products  from  the  company’s 
$500  million  purchase  of  WLAN 
vendor  Airespace. 

The  answer  is:  whatever  works 
best. 

Interop  attendees  will  see  both 
product  lines  this  week,  including 
Airespace  switches  and  thin  ac¬ 
cess  points  sporting  Cisco  colors 
and  labels.  They’ll  also  see  a  new 
line  of  routers  that  double  as 
WLAN  access  points,  the  latest 
example  of  Cisco’s  scheme  to 
make  WLANs  an  integral  part  of 
core  network  infrastructure. 

“We’re  in  an  awkward  early 
stage  because  we  have  two  prod¬ 
uct  lines,” says  Dave  Leonard,  who 
shares  the  title  of  vice  president/ 
general  manager  of  Cisco’s  Wire¬ 
less  Networking  Business  Unit 
with  Brett  Galloway  the  former 
CEO  of  Airespace.  “Investment 
protection  is  our  guiding  light. 

See  Cisco,  page  86 


■  BY  PHIL  HOCHMUTH 

Avaya  is  expected  to  launch  a 
raft  of  updates  to  its  IP  PBX  family 
this  week  at  Interop,  including  fea¬ 
tures  that  bolster  VoIP  reliability 
and  ensure  call  quality 
The  server  software  Avaya  is  in¬ 
troducing  iets  different  IP  PBXs 


deployed  across  a  WAN  take  con¬ 
trol  of  an  entire  business  VoIP  net¬ 
work  in  case  regional  segments 
of  a  network  fail  or  if  an  Avaya 
call  server  goes  down.  Avaya  also 
is  expanding  its  IP-based  confer¬ 
ence  calling  features  and  adding 
new  VoIP  network  monitoring 
See  Avaya,  page  12 


Juniper  fills 
gaps  in  its 
enterprise 
strategy 

■  BY  TIM  GREENE  AND 
JIM  DUFFY 

Juniper  this  week  is  set  to  re¬ 
veal  a  key  component  of  its  cor¬ 
porate  customer  strategy  that  will 
include  a  network  quarantine 
scheme  that  relies  on  the  use  of 
the  company’s  WAN  VPN  technol¬ 
ogy  to  enforce  access,  security 
and  QoS  policies. 

This  announcement  follows  last 
week’s  news  that  the  company  is 
buying  Feribit  Networks  and  Red- 
line  Networks  to  add  technology 
it  needs  to  address  two  other 
aspects  of  Juniper’s  Enterprise  In- 
franet  plan:  assuring  application 
response  time  across  wide-area 
links  and  improving  perfor¬ 
mance  of  data  center  servers. 

Enterprise  Intranet  is  Juniper’s 
its  efforts  to  prevent  and  contain 
security  threats  and  make  sure 
individual  applications  perform 
well  on  business  networks. 

In  its  announcement,  the  com¬ 
pany  is  expected  to  tout  one 
aspect  of  Enterprise  Intranet  as 
an  overlay  security  structure  that 
doesn’t  rely  on  costly  switch  up¬ 
grades  such  as  those  required  by 
Cisco’s  switch-based  Network 
See  Juniper,  page  88 
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"At  Nissan,  we  expect  to  save  at  least  $135  million  annually 
thanks  to  the  efficiencies  that  Windows  Server  2003  and 
Exchange  Server  2003  are  helping  us  achieve." 

Toshihiko  Suda 

Senior  Manager,  Nissan  Motor  Company,  Ltd. 


Make  a  name  for  yourself  with  Windows  Server  System. 

An  upgrade  to  Microsoft  Windows  Server  System 
made  it  possible  for  50,000  worldwide  employees 
at  Nissan  Motor  Company  to  have  more  secure 
remote  access  to  their  e-mail  and  calendars 
from  any  Internet  connection,  without  the  hassle 
and  expense  of  a  VPN.  Here's  how:  By  deploying 
Windows  Server  2003  and  Exchange  2003,  not  only 
did  Nissan  IT  meet  the  CEO's  demand  for  better  global 
collaboration,  they  expect  to  save  at  least  $135  million 
by  streamlining  their  messaging  infrastructure. 
To  get  the  full  Nissan  story  or  find  a  Microsoft 
Certified  Partner,  go  to  microsoft.com/wssystem 
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Windows  Server  System’"  includes: 


Server  Platform  Windows  Server” 


Virtualization 

Virtual  Server 

Data  Management  &  Analysis 

SQL  Server  ” 

Communications 

Exchange  Server 

Portals  &  Collaboration 

Office  SharePoint'  Portal  Server 

Integration 

BizTalk*  Server 

Management 

Systems  Management  Server 

Microsoft’  Operations  Manager 

Security 

Internet  Security  &  Acceleration  Server 

Plus  other  software  products 
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For  Small  Business 


Easy  to  use.  Easy  to  manage.  Easy  to  buy  at  Dell. 

Only  $149  per  user. 


dell.com/database 
or  call  1.888.889.3982 


Terms,  conditions  and  limitations  apply.  Pricing,  specifications,  availability  and  terms  of  offers  may  change  without  notice. 
Taxes,  fees  and  shipping  charges  extra,  vary  and  are  not  subject  to  discount.  U.S.  Dell  Small  Business  new  purchases  only. 
Dell  cannot  be  responsible  for  pricing  or  other  errors.  Oracle  Database  Standard  Edition  One  is  available  with  Named  User 
Plus  licensing  at  $149  per  user  with  a  minimum  of  five  users  or  $4995  per  processor.  Licensing  of  Oracle  Standard  Edition 
One  is  permitted  only  on  servers  that  have  a  maximum  capacity  of  2  CPUs  per  server. 

For  more  information,  visit  oracle.com/standardedition 


Copyright  ®  2004,  Oracle.  All  rights  reserved.  Oracle  is  a  registered  trademark  of  Oracle  Corporation  and/or  its  affiliates.  Other  names  may  be  trademarks  of  their  respective  owners. 
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Exclusive  coverage  from  the  InteropNet  Labs  hot-stage.  Dozens  of 
engineers  drill  down  into  SIP  interoperability,  secure  access  and 
open  source  integration.  PAGE  52. 
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four  countries  to  put  11  Web  conferencing  services  through 
their  paces.  IMeeting  from  Interwise  came  out  on  top,  with  Raindance, 
WebEx  and  Linktivity  not  far  behind.  PAGE  58. 
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Network  World  Radio:  DNS  cache  poisoning 

There’s  a  new  type  of  attack  taking  place  on  the  Internet,  and  it 
might  be  dropping  spyware,  adware  and  other  malicious  code  on 
your  machine.  The  attack,  first  discovered  by  the  SANS  Internet 
Security  Center  nearly  two  months  ago,  uses  "poisoned"  DNS 
servers  to  redirect  unsuspecting  users  to  hacker  controlled  sites. 
Ken  Dunham,  director  of  malicious  code  intelligence  at  iDefense, 
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Keeping  home  nets  free  from  viruses,  bugs,  spyware  and  worms 
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Gates  wants  end  to  overseas  hiring  limits 

■  It’s  not  the  first  time  he’s  shown  a  preference  for  it  and  likely 
won’t  be  the  last,  but  Microsoft  Chief  Software  Architect  Bill  Gates 
last  week  said  he’d  like  the  Bush  administration  to  do  away  with  the 
limitation  on  foreign  engineers  US.  companies  can  hire.The  stance 
isn’t  popular  with  technology  workers,  particularly  those  who  have 
watched  their  jobs  go  offshore  over  the  past  few  years.  According  to 
an  Associated  Press  report,  Gates  said  the  government  should  elim¬ 
inate  the  limit  of  65,000  for  overseas  workers  who  can  be  hired 
each  year  by  American  firms  under  specialty  Hl-B  visas  aimed  at 
drawing  engineers,  scientists,  architects  and  doctors  to  the  U.S.“The 
whole  idea  of  the  Hl-B  visa  thing  is,  don’t  let  too  many  smart  peo¬ 
ple  come  into  the  country?’  Gates  told  a  panel  discussion  at  the 
Library  of  Congress.The  thing  basically  doesn’t  make  sense.” 

Verizon  ends  Wi-Fi  hot  spot  plan  in  N.Y. 

■  Verizon  says  it  will  decommission  the  380  free  Wi-Fi  hot  spots  in  New  York  City  it  turned 
up  for  its  DSL  customers  two  years  ago. The  carrier  said  usage  was  low  —  fewer  than  half 
were  generating  more  than  80%  of  the  traffic. Verizon  will  instead  steer  mobile  business 
customers  to  its  cellular  EV-DO  BroadbandAccess  service,  which  costs  $80  per  month.  All 
hot  spots  will  be  shut  down  in  two  months.  Verizon  initially  planned  to  run  up  1,000  hot 
spots  in  New  York  by  the  end  of  2003.  With  up  to  54M  bit/sec  speeds  within  a  300-foot 
radius, Wi-Fi  is  considered  by  some  to  be  an  attractive  network  access  offering  for  mobile 
business  users  in  hotels,  airports,  restaurants  and  on  busy  street  corners.  The  business 
model  forWi-Fi  hot  spots  has  been  elusive,  however,  as  potential  users  might  be  turned  off 
by  the  cost  for  access,  spotty  coverage  and  limited  roaming.  Wi-Fi  pioneer  Cometa  shut 
down  last  year  after  failing  to  garner  support  from  carriers  to  fund  its  hot-spot  rollout.  But 
some  carriers  continue  to  forge  ahead  on  expansive  Wi-Fi  coverage.  Sprint  recently 
announced  that  it  added  5,000  hot  spots  over  the  past  month  to  19,000.The  carrier  plans 
to  have  25,000  hot  spots  for  its  Sprint  PCS  customers  by  year-end  (see  page  40). 

IBM,  Cisco  team  up  on  speech  apps 

■  IBM  and  Cisco  last  week  announced  plans  to  link  some  of  their  voice  products  to  make 
it  easier  for  organizations  to  develop  and  deploy  self-service  speech  applications.The  two 
vendors  have  been  working  to  integrate  IBM’s  WebSphere  Voice  Server  and  Cisco’s 


“Hello,  Santa  Clara. . .  .We  finally 
found  a  way  to  keep  our  new 
processor  cool!” 


Bill  Walter  of  Reston, 

Va.,  beat  the  toughest 
competition  we've  seen 
in  a  while  to  earn  top  honors  in  our  Weekly  Caption  Contest.  Check 
in  every  Monday  for  the  start  of  the  next  round. 
www.networkworld.com/weblogs/layer8 


TheGoodTheBadTheUgly 

Dream  job.  Chris  Liddell  has  got  to  be  one  happy  guy.  What  better  job  can 
a  money  handler  get  than  that  of  CFO  at  Microsoft?  "We  await  the  new  entrant's 
moves  with  interest.  One  thing  we're  confident  of:  He  won't  be  having  trouble  with 
debt  payments  or  cash  flow  anytime  soon  —  personally  or  corporately,"  says  Philip 
Carnelley,  research  director  at  Ovum,  citing  news  reports  that  Liddell  will  receive 
a  salary  of  $500,000,  a  signing  bonus  of  $300,000  plus  stock  awards. 

Apology  accepted? 

Trend  Micro  says  it  plans  no 
compensation  for  the  hundreds  of 
companies  negatively  affected  by 
a  faulty  anti-virus  update  that  the 
company  issued  earlier  this  month. 

A  fault  in  the  software-update  file 
caused  a  problem  that  sucked  up 
processing  power  of  PCs  that  had 
downloaded  the  update.  "I  am  really, 
really  sorry  for  releasing  this 
product . . .  [which  caused]  a  lot 
of  trouble  for  our  customers  and 
stopped  your  businesses  working 
for  more  than  two  days,"  Trend 
Micro  CEO  Eva  Chen  said.  >• 

®  Wearing  thin  .  Xybernaut,  known  for  its  wearable/mobile  computing  gear, 
last  week  said  it  is  forming  a  new  office  of  the  chairman  amidst  word  that  the  U.8. 
Attorney's  Office  for  the  Eastern  District  of  Virginia  is  opening  an  investigation  into 
the  financially  troubled  company's  operations.  The  company  earlier  this  month  canned 
its  chairman  and  CEO,  who  Xybernaut  officials  said  "improperly  used  substantial  company 
funds  for  personal  expenses." 


Customer  Voice  Portal,  and  expect  to  deliver  a  combined  offering  by  mid-year. 
Organizations  increasingly  are  looking  to  provide  speech-enabled  applications  that  let 
customers  conduct  transactions  over  the  phone  instead  of  requiring  help  from  a  live  cus¬ 
tomer  service  agent.  One  goal  is  to  alleviate  traditionally  high  labor  costs  in  call  centers. 
IBM’s  Business  Consulting  Services  division  estimates  labor-related  expenses  —  such  as 
payroll,  staff  turnover,  training  and  retention  —  can  comprise  75%  of  call  center  costs. 
IBM’s  WebSphere  Voice  Server  software  pairs  its  application  server  technology  with  tools 
for  developing  and  deploying  speech-enabled  applications.  Cisco’s  Customer  Voice  Fbrtal 
is  interactive  voice  response  software  that  combines  call-management  features  with  sup¬ 
port  for  speech  recognition  and  text-to-speech  technologies. 

New  York  takes  aim  at  spyware/adware 

■  In  an  effort  to  challenge  spyware  and  adware  marketing  practices,  New  York  Attorney 
General  Eliot  Spitzer  last  week  went  on  the  offensive  by  suing  Los  Angeles  Internet  mar¬ 
keting  firm  Intermix  Media  for  deceptive  practices.  In  a  civil  suit  that  targets  the  company 
—  but  not  advertisers  themselves  —  Intermix  is  accused  of  deceptive  practices  in  down¬ 
loading  its  software  to  computers  of  Web  surfers,  who  are  then  presented  with  pop-up  ads. 
Spitzer’s  office  alleges  the  software  adds  unnecessary  toolbar  items  and  redirects  users  to 
unwanted  Web  sites.The  lawsuit  accuses  Intermix  of  violating  General  Business  Law  pro¬ 
visions,  as  well  as  trespass  under  New  York  common  law. 

China’s  largest  bank  chooses  Linux 

■  China’s  biggest  bank  plans  to  deploy  Linux  on  servers  across  its  network  of  20,000 
national  branches  in  a  project  that  might  be  the  biggest  Linux  deployment  yet  in  China, 
according  to  an  executive  involved  with  the  deal.The  Industrial  and  Commercial  Bank  of 
China  (ICBC)  plans  to  gradually  roll  out  the  Turbolinux  7  DataServer  operating  system  for 
all  its  front-end  banking  operations  over  a  three-year  period.  Financial  terms  were  not  dis¬ 
closed.  With  $640  billion  in  total  assets,  ICBC  is  China’s  biggest  bank, serving  100  million 
individuals  and  8.1  million  corporate  accounts  at  more  than  20,000  branch  offices.  When 
the  project  is  completed,  many  of  ICBC’s  390,000  employees  will  be  accessing  applica¬ 
tions  hosted  on  Linux  servers  on  a  daily  basis. 
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Sun  steps  up  services  offerings 


Sun  at  your  service? 

Sun  hopes  to  reinvent  itself  as  a  services  company.  The 
question  is  will  it  be  able  to  convince  customers? 

Challenges 

Image:  While  Sun  has  been  expanding  beyond  its  big  server  roots 
for  a  few  years  now,  it’s  still  best  known  for  its  high-end  hardware. 
Financial  footing:  Sun  missed  analyst  forecasts  in  its  most  recent 
quarter,  and  while  it’s  not  in  as  dire  straits  as  it  has  been,  it  still  has 
yet  to  raise  revenue  by  more  than  1%  in  16  consecutive  quarters. 
Stepping  beyond  Solaris:  To  appeal  to  a  wide  customer  base,  Sun 
has  to  embrace  heterogeneous  environments. 

Strategies 

Same  expertise,  new  package:  Sun  is  packaging  its  engineering 
expertise  into  its  services  offerings  with  the  idea  of  educating 
customers  on  how  to  run  IT  more  efficiently. 

Offering  choices:  Sun  is  introducing  options  that  range  from  basic 
update  services  to  on-demand  grid  computing. 

Celebrating  diverstity:  With  its  acquisition  of  managed  services 
provider  SevenSpace  earlierthis  year,  Sun  illustrated  its  commitment 
to  providing  services  regardless  of  platform. 


■  BY  JENNIFER  MEARS  AND  DENI 
CONNOR 

As  part  of  a  continuing  effort  to 
cast  off  its  mantle  as  strictly  a  big 
server  vendor,  Sun  this  week  is 
expected  to  expand  its  services 
offerings  with  the  Sun  Con¬ 
nection  portal  that  will  provide 
end  users  access  to  a  menu  of 
managed  services,  including  a 
new  patch  update  service  for 
Solaris. 

Sun  also  plans  to  unveil  new 
management  and  provisioning 
software  within  its  N1  family  of 
products,  roll  out  new  storage 
software  suites  and  update  its 
Sun  Grid  and  Sun  Storage  Grid 
offerings. 

The  announcements  mark  an¬ 
other  step  in  Sun’s  efforts  to  rein¬ 
vent  itself  as  more  of  a  services 
firm,  a  shift  that  CEO  Scott  Mc- 
Nealy  says  he  hopes  will  boost  the 
beleaguered  company  Sun  has 
made  a  living  selling  big,  expen¬ 
sive  Unix  boxes  during  the  dot¬ 
com  boom,  a  time  when  its  stock 
priced  soar  above  $100.  Today 
Sun’s  stock  hovers  around  $3.50. 

Last  month, Sun  reported  that  it 
broke  even  in  its  third  quarter, 
but  logged  sales  of  $2.63  billion, 
a  1%  drop  from  the  $2.65  billion 


in  sales  it  reported  during  the 
same  quarter  last  year.  A  poorly 
performing  products  group, 
which  makes  servers  and  other 
computers,  didn’t  help  as  rev¬ 
enue  from  that  unit  fell  to  $1.68 
billion  from  the  $1.71  billion  it 
reported  during  the  same  quar¬ 
ter  last  year. 

Industry  observers  say  the  trou¬ 
ble  has  been  that  Sun  was  slow 
to  embrace  the  changing  IT 
landscape  that  came  with  a 
shrinking  economy  Customers 
tightened  their  purse  strings  and 
looked  for  lower-cost,  flexible 
systems  that  were  less  complex 
than  the  big  boxes  Sun  was  sell¬ 
ing.  In  the  past  couple  of  years, 
Sun  has  made  changes,  embrac¬ 
ing  the  low-end  with  a  wide-rang¬ 
ing  partnership  with  Advanced 
Micro  Devices  and  giving  more 
attention  to  Linux,  for  example. 

It  also  has  put  a  renewed  focus 
on  services,  which  McNealy  con¬ 
siders  a  more  predictable  rev¬ 
enue  stream  than  hardware.  Last 
year,  Sun  introduced  subscrip¬ 
tion-based  Preventive  Services, 
for  identifying  and  mitigating 
problems,  and  Remote  Services, 
for  management  and  monitoring. 

With  Sun  Connection, it  is  try¬ 
ing  to  make  it  easier  for  cus¬ 


tomers  to  get  the  services  they 
need  by  creating  a  clearing¬ 
house.  One  of  the  first  offerings 
under  the  Sun  Connection 
umbrella  will  be  Sun  Update 
Connection,  which  will  let  cus¬ 
tomers  download  Solaris  up¬ 
dates  and  patches  as  they  need 
them  or  have  them  automatical¬ 


ly  applied  based  on  their  partic¬ 
ular  business  policies. 

Sun  will  continue  to  add  offer¬ 
ings  to  the  Sun  Connection  por¬ 
tal,  which  will  span  basic  patch 
update  services  to  grid  comput¬ 
ing,  where  customers  can  get 
computing  power  on  demand, 
says  Jay  Littlepage,  senior  vice 


president  of  customer  net¬ 
worked  services  at  Sun.  In  addi¬ 
tion,  Sun  is  integrating  technolo¬ 
gy  and  expertise  it  got  when  it 
acquired  SevenSpace  earlier  this 
year  to  expand  its  services  offer¬ 
ings  to  heterogeneous  environ¬ 
ments  that  include  operating  sys¬ 
tems  other  than  Solaris. 

“Sun  will  give  you  product  in 
any  shape  and  form  that  makes  it 
easy  for  the  customer,”  says 
Nancy  Hurley  a  senior  analyst 
with  Enterprise  Strategy  Group. 
“You  can  buy  it  on  your  own, you 
can  have  Sun  manage  it  for  you 
or  if  you  need  it  only  once  in  a 
while, you  can  buy  it  off  the  grid.” 

The  idea  is  to  give  customers 
options  when  it  comes  to  bring¬ 
ing  in  the  IT  resources  they  need 
to  perform  business  functions, 
Littlepage  says. 

HP  and  IBM  also  are  heighten¬ 
ing  their  focus  on  managed  ser¬ 
vices  that  can  be  consumed  re¬ 
motely  on  demand.  Sun  execu¬ 
tives  say  they’re  not  trying  to 
compete  with  IBM  Global 
Services,  which  reported  more 
than  $1 1  billion  in  revenue  in  the 
first  quarter.  Sun,  in  contrast, 
boosted  its  services  revenue  in 
its  fiscal  third  quarter  from  $940 
million  to  $944  million.  ■ 
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Lessons  from  leading  users 


I  Emergency  extension 

State  Farm  Insurance  can  bring  nodes  up  in  disaster-torn 
areas  in  a  matter  of  hours. 

■  BY  JOHN  DIX 

When  you  have  a  backbone  network  that  spans  the  country  supporting  three  giant  corporate 
facilities,  35  operations  centers,  almost  500  claims  offices  and  some  17,000  agent  offices,  you’d 
think  you’d  have  your  bases  covered. 

But  natural  disasters  don’t  play  by  any  rules,  and  for  State  Farm  Insurance,  the  nation’s  largest 
home  and  auto  insurance  company  that  means  it  is  critical  to  be  able  to  quickly  extend  the 
network  to  support  hard-hit  areas. 

That  job  falls  to  Kevin  Cox,  manager  of  the  company’s  Systems  Catastrophe  Services  group. 
His  22-person  team  —  consisting  of  catastrophe  support  specialists  dotted  throughout  the 
country  —  is  responsible  for  getting  equipment  into  the  field  after  a  disaster  and  bringing  up 
the  network  links  that  make  it  possible  to  speed  claims  processing. 

The  company,  which  has  some  76,000  employees  —  more  than  9,000  in  IT  alone  — prides 
itself  on  being  responsive.  Responding  fast  after  disaster  strikes  benefits  policyholders, 
increases  brand  loyalty  and  is  a  key  selling  point  for  State  Farm  agents. 

WAN  cans 

The  Systems  Catastrophe  Services  group  has  two  primary  types  of  resources  it  uses  to 
respond  to  disasters:  network  kits  that  can  be  delivered  by  courier  overnight,  and  trucks  that 

See  State  Farm,  page  88 


Catastrophe  Response  Vehicle 

The  36-foot-long  CRV  is  a  rolling  claims  office  that  State  Farm 
can  dispatch  directly  into  storm-ravaged  neighborhoods,  tie 
into  the  company  network  via  the  VSAT  antenna  on  the  roof  and 
speed  claims  processing. 
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Trustgenix  eases  identity  integration 


■  BY  JOHN  FONTANA 

Trustgenix  last  week  released  a  simplified 
version  of  its  server  for  sharing  identities 
among  companies  that  is  designed  to  let 
users  easily  integrate  partners  into  their 
infrastructure  for  access  control. 

The  company’s  new  IdentityBridge 
Standard  Edition  acts  as  an  endpoint  in  a 
hub-and-spoke  model  for  integrating  iden¬ 
tity  information  between  companies  —  so- 
called  identity  federation.  Trustgenix  is  of¬ 
fering  the  Standard  Edition  as  an  easy  way 
for  larger  companies  that  have  adopted 
standards-based  federation  servers  —  such 
as  Trustgenix’s  IdentityBridge  Enterprise 
Edition  —  to  expand  their  realms  with 
their  smaller  or  less  tech-sawy  partners  to 
create  single  sign-on  capabilities  to  Web- 


based  applications. 

The  Standard  Edition  has  been  stripped 
of  many  of  the  features  present  in  the  En¬ 
terprise  Edition,  which  allows  for  a  simple 
wizard  based  setup  and  configuration.  For 
example,  the  Standard  Edition  is  only  able 
to  relay  identity  information  to  the  hub  of 
the  identity  federation  and  cannot  accept 
any  requests  for  access. 

IBM  is  offering  a  similar  model  based  on 
an  alliance  it  made  last  year  with  PingID, 
where  the  PingFederate  server  can  be 
deployed  in  smaller  companies  looking  to 
share  identity  information  for  access  con¬ 
trol  with  larger  partners  running  Tivoli 
Federated  Identity  Manager. 

While  companies  such  as  IBM,  Microsoft, 
Novell,  Oracle,  RSA  Security,  Sun  and  Ping 
are  touting  federation,  user  adoption  is  in 


its  infancy  Gartner  estimates  that  only  5%  of 
organizations  have  active  federation  de¬ 
ployments  in  place  or  are  ready  to  roll  out 
the  technology  this  year. 

“The  federation  ‘poster  children’  are  rela¬ 
tively  few,  and  often  their  partners  are  not 
ready  to  federate  yet,”  says  Ray  Wagner,  re¬ 
search  vice  president  for  information  sec¬ 
urity  and  privacy  at  Gartner.  IdentityBridge 
Standard  Edition  runs  on  Windows  Server 
2000  and  2003  and  requires  the  use  of 
Microsoft  Internet  Information  Services 
version  5  or  6.  It  also  integrates  with 
Microsoft’s  Active  Directory  or  directories 
that  support  the  Lightweight  Directory 
Access  Protocol. 

As  part  of  the  IdentityBridge  installation, 
users  input  the  URL  that  is  the  access  point 
to  their  partner’s  network,  and  the  setup 


wizard  returns  an  alias  URL  that  can  be  dis¬ 
played  on  a  portal  application.  When  end 
users  click  that  URL,  the  request  is  redirect¬ 
ed  through  the  Standard  Edition  server, 
which  asks  for  identity  information  such  as 
a  user  name  and  password.  It  then  ex¬ 
changes  that  identity  information  with  the 
partner  site. 

The  upside  is  that  each  organization 
manages  and  maintains  its  own  user  data. 

The  IdentityBridge  Standard  Edition  sup¬ 
ports  standard  federation  protocols,  includ¬ 
ing  the  Security  Assertion  Markup  Lan¬ 
guage  1.0  and  1.1  and  the  Liberty  Alliance 
specification  1.1  and  1.2.  Support  forSAML 
2.0,  is  planned  for  this  summer. 

IdentityBridge  Standard  Edition  costs 
$5,000  for  one  server  with  an  unlimited 
number  of  users.* 


Cryptography 

continued  from  page  1 

of  Boston  and  Cambridge. 

Quantum  cryptography  uses 
single  photons  of  light  to  distrib¬ 
ute  keys  to  encrypt  and  decrypt 
messages.  Because  quantum  par¬ 
ticles  are  changed  by  any  obser¬ 
vation  or  measurement,  even  the 
simplest  attempt  at  snooping  on 
the  network  interrupts  the  flow 
of  data  and  alerts  administrators. 

While  the  technology  is  still  in 
the  pilot  stage,  Elliott  envisions  a 
day  when  quantum  cryptography 
will  safeguard  all  types  of  sen¬ 
sitive  traffic.“It’s  not  going  to 
overnight  replace  everything  we 
have,”  he  says.  But  it  will  be  used 
to  augment  current  technologies. 

Defense  funding 

BBN’s  research  is  funded  by 
the  Pentagons  Defense  Advan¬ 
ced  Research  Projects  Agency  so 
it’s  likely  the  government  would 
be  first  in  line  to  roll  out  the 
super-secure  technology  Elliott 
predicts  financial  firms  will  de¬ 
ploy  quantum  cryptography 
within  a  few  years  and  estimates 
that  businesses  in  general  will 
deploy  within  five  years.The 
technology  also  could  move  to 
the  consumer  market  —  for 
example,  in  a  fiber-to-the-home 
scenario  to  protect  the  network 
between  a  home  and  service 
provider. 

“People  think  of  quantum  cryp¬ 
tography  as  a  distant  possibility 
but  [the  network]  is  up  and  run¬ 
ning  today  underneath  Cam¬ 
bridge,”  Elliott  says.The  team  of 
nine  researchers  from  BBN,  four 
from  Boston  University  and  two 
from  Harvard  University  have  put 
together  “a  set  of  high-speed,  full- 


BBN's  super-secure  network 


BBN,  BU  and  Harvard  run  a  quantum  cryptography  test 
network  that  transmits  single  photons  of  light  to 
distribute  keys  used  for  encrypting  and  decrypting 
messages. 
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Fiberoptic  network 
(up  to  5M  bit/sec) 

A  12-mile  loop  comprises 
10  nodes  that  test  phase- 
modulated  quantum  cryp¬ 
tography,  entanglement 
quantum  key  distribution 
and  free-space  links. 
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Boston 


featured  quantum  cryptography 
systems  and  has  woven  them 
together  into  an  extremely 
secure  network,”  he  says. 

The  system  is  essentially  two 
networks  —  one  for  quantum 
key  distribution  and  one  that 
carries  the  encrypted  traffic.  And 
although  it’s  probably  the 
world’s  most  secure  network,  it’s 
not  protecting  any  real  secrets,  at 
least  not  yet.  For  this  pilot  phase, 
BBN  encrypts  normal  Internet 
traffic  such  as  Web  pages, 
Webcam  feeds  and  e-mail. 

The  network  has  10  nodes. 
Eight  are  at  BBN’s  offices  in 
Cambridge,  one  is  at  Harvard  in 
Cambridge,  and  another  is 
across  the  Charles  River  at  BU’s 


Photonics  Center. 

In  keeping  with  the  traditional 
naming  convention  that  IT  secu¬ 
rity  professionals  use  (details  at 
www.networkworld.com,  Doc- 
Rnder:  6947),  the  nodes  are 
named  Alice,  Bob,  Ali,  Baba, 
Amanda,  Brian,  Anna,  Boris,  Alex 
and  Barb. 

Inside  the  BBN  labs 

Elliott  works  out  of  an  unas¬ 
suming  lab  in  a  two-story  brick 
building  on  BBN’s  campus.  A 
labyrinth  of  blue  corridors  leads 
to  the  two-room  lab  tucked  away 
in  the  basement. 

A  mass  of  cords  and  wires 
snake  from  all  varieties  of  elec¬ 
tronics  on  a  table.  BBN  built 


much  of  the  optics  and  electron¬ 
ics  that  are  housed  on  server 
racks,  and  there  are  several 
Windows  and  Unix  machines. 
Pink  neon  wire  is  strung  high 
above,  and  a  server  rack  is 
embellished  with  glowing  blue 
plastic  cylinders  —  all  props 
obtained  from  a  comic  book. 

The  only  hints  that  this  isn’t 
your  run-of-the-mill  network  are 
a  large  pink  rectangular  box  that 
contains  a  coupler  and  phase 
shifter,  and  a  door  marked 
“Danger!’  Behind  it  lies  a  laser 
about  the  size  of  a  cement 
block.  Despite  the  warning,  the 
laser  is  low-powered  enough 
that  it’s  safe  to  enter  without  pro¬ 
tective  goggles,  unless  someone 
needs  to  open  the  laser  source 
to  make  an  adjustment  inside. 

How  it  works 

The  two  oldest  nodes,  Alice 
and  Bob,  have  been  running 
about  a  year  and  use  phase- 
modulated  cryptography 

A  laser  is  used  in  phase-modu¬ 
lated  cryptography  to  separate 
individual  photons  and  send 
them  to  a  modulator. The  modu¬ 
lator  pumps  them  out  to  other 
nodes  over  fiber-optic  cable. The 
photons  are  encoded  by  send¬ 
ing  them  out  at  different  inter¬ 
vals:  A  long  gap  indicates  one  bit 
of  information,  and  a  shorter 
one  a  different  bit. 

On  the  receiving  end,  another 
device  accepts  the  photons  and 
recognizes  how  they’re  modulat¬ 
ed.  If  the  sequence  matches 
what  was  originally  sent,  the  keys 
are  stored  and  used  to  unscram¬ 
ble  data  sent  through  conven¬ 
tional  means,  such  as  over  the 
Internet. 

Some  of  the  other  nodes  use 


an  entanglement  quantum  key- 
distribution  system,  which  essen¬ 
tially  splits  one  photon  into  con¬ 
joined  twins.  If  you  manipulate 
one,  the  other  is  affected.  BBN 
also  is  using  free-space  quantum 
cryptography  to  send  keys  in  the 
air  rather  than  over  fiber. 

Next  steps 

As  Elliott  approaches  the  first 
anniversary  of  the  network,  he 
says, “It’s  a  miracle  we  ever  as¬ 
sembled  the  fiber  for  this."  It  took 
BBN  researcher  Henry  Yeh  more 
than  two  and  half  years  dealing 
with  multiple  carriers  just  to 
piece  together  the  fiber  optics. 

Looking  ahead,  Elliott  has  sev¬ 
eral  initiatives  on  his  plate. 

He  wants  to  keep  adding 
nodes  to  the  network.The  net¬ 
work  currently  runs  at  up  to  5M 
bit/sec,  and  Elliott  wants  to 
boost  speeds  into  the  hundreds 
of  megabits  per  second. The  lim¬ 
iting  factor  is  the  detector,  which 
senses  the  passage  of  the  pho¬ 
ton.  None  are  commercially 
available  that  run  at  those 
speeds,  so  he  wants  to  build  his 
own. 

No  one  has  ever  built  a  quan¬ 
tum  cryptography  eavesdrop¬ 
ping  mechanism,  and  Elliott 
wants  to  create  the  first  one, 
which  he’s  calling  Eve.“Building 
Bob  is  hard  enough.  Eve  is  a  lot 
harder^  he  says. 

Another  challenge  is  the  dis¬ 
tance  limitation  —  with  current 
technology  quantum  cryptogra¬ 
phy  works  at  a  distance  of  up  to 
50  miles.  But  Elliott  believes  the 
technical  hurdles  ultimately  will 
be  dealt  with.“Someday  it  will 
be  possible  to  do  it  across  conti¬ 
nents  or  under  the  ocean,  but 
not  right  now(he  says.B 
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his  morning  I  set  up  a  firewall  in  London, 
fought  a  server  attack  in  Tokyo  and 
rebooted  a  malLserver  in  New  York. 


*  *■  ■  * 

■  ■ 
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From  right  here. 


Manage  your  data  center  from  anywhere... 

In  today's  pressure  filled  “uptime”  environment  where  a  few 
minutes  can  cost  you  big  dollars,  customer  confidence  and 
worker  productivity,  you  can't  afford  to  have  IT  problems.  And, 
you  know  fewer  administrators  and  “lights  out”  control  of  your 
data  centers  gives  you  a  much-needed  security  buffer. 


Lantronix  gives  you  access  to  ALL  of  your  data  center  assets 
from  anywhere  over  the  Internet  via  a  browser,  and  total  out-of- 
band  access  if  the  network  is  down.  We  also  offer  the  only 
console  manager  available  with  a  NIST-certified  implementation 
of  Advanced  Encryption  Standards  (Rijndael)*  along  with  SSL 
and  SSH  -  assuring  you  the  highest  level  of  security  available. 


SecureLinx™ 

Lights  out  remote  data  center  management. 


Secure  Console  Managers 

Remote  management  of  Linux,  Unix  and 
Windows®  2003  servers,  routers,  switches, 
telecom  and  building  access  equipment. 

-  Respond  faster  and  reduce  downtime 

-  Consolidate  resources  and  minimize  costs 


Remote  KVM"  via  IP 

Manage  an  entire  room  full  of  Windows  and 
Linux  servers  from  a  single  desktop,  from 
anywhere  over  the  Internet. 

-  Eliminate  need  for  multiple  keyboards, 
monitors  and  mice 

-  No  client  software  required 


LANTRONIX* 


Remote  Power  Managers 

Control  the  power,  individually,  to  every  device 
in  the  data  center  via  a  web  browser. 

-  Reboot  system  remotely 

-  Ensure  safe  power  distribution  and  reduce 
in-rush  overload 
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Editor's 

Choice 


SecureLinx  SLC16 
Winner  of  the  Network 
Computing  Editor's 
Choice  Award 


Network  anything.  Network  everything. 


’As  of  August  2004.  SecureLinx  SLC  is  the  only  console  manager  with  a  NIST-certified  implementation  of  Advanced  Encryption  Standards  as  specified  by  FIPS-197 
(Federal  Information  Processing  Standards).  ©  2005  Lantronix,  Lantronix  is  a  registered  trademark,  and  SecureLinx  and  Remote  KVM  are  trademarks  of  Lantronix,  Inc. 


www.lantronix.com  I  (800)  422-7055 
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A  view  to  the  WAN 

Computer  Associates’  Unicenter  customers  soon  will 
be  able  to  link  directly  to  Allot's  NetEnforcer  appliance 
to  view  and  analyze  WAN  traffic  stats. 
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■  BY  DENISE  DUBIE 

Vendors  plan  to  use  Interop  this 
week  to  launch  new  and  upgrad¬ 
ed  products  designed  to  show 
how  networks  and  applications 
affect  each  other. 

Companies  such  as  Allot  Com¬ 
munications,  Computer  Asso¬ 
ciates  and  WildPackets  are  ex¬ 
pected  to  showcase  products 
that  perform  packet  analysis, 
monitor  traffic  and  measure  end- 
user  experience  with  Web  appli¬ 
cations.  The  announcements 
could  be  considered  part  of  a 
growing  trend,  industry  watchers 
say  as  IT  managers  demand  tools 
that  help  them  understand  how 
the  network  enables  application 
performance. 

“The  whole  notion  of  under¬ 
standing  the  application  flow  is 
directly  related  to  performance 
over  the  network,  which  is  differ¬ 
ent  than  traditional  application 
management  tools  that  took  a  sys- 
tems-centric  approach,”  says 
Dennis  Drogseth,  a  vice  president 


with  Enterprise  Management 
Associates.  “Factors  such  as  mod¬ 
ular  applications  on  distributed 
networks,  Web  services  and  ser- 
vices-oriented  architectures  are 
driving  the  network  and  applica¬ 
tion  performance  to  become 
more  and  more  intertwined.” 

For  its  part,  Allot  is  introducing 
the  NetEnforcer  AC-1 040,  an  appli¬ 
ance  that  sits  in  front  of  a  router 
and  monitors  traffic  leaving  the 
LAN  and  traversing  the  WAN. 

The  device  will  help  companies 
monitor  all  Internet  and  WAN  traf¬ 
fic  going  out  to  remote  locations 
to  determine  the  source  of  perfor¬ 
mance  degradations,  the  compa¬ 
ny  says.  The  product  provides  sta¬ 
tistics  on  the  top  application  talk¬ 
ers,  identifies  unnecessary  band¬ 
width  hogs  and  offers  insight  into 
unauthorized  applications,  such 
as  peer-to-peer  traffic,  which  can 
cause  network  bottlenecks.  Set  to 
be  available  later  this  month,  the 
AC- 1040  is  priced  at  about 
$42,000. 

Allot  also  will  be  showcasing 


the  AC-1 040  s  integration  with 
Computer  Associates’  Unicenter 
systems  management  software 
(see  graphic).  CA,  which  recently 
beefed  up  its  network  manage 
ment  offerings  by  acquiring  Con¬ 
cord  Communications,  will  use 
the  integration  with  Allot’s  appli¬ 
ance  to  help  customers  better 
analyze  VoIRCRM  and  other  such 
WAN  application  traffic  via  Uni¬ 
center.  The  integration  points  be 
tween  the  two  products  will  be 
available  in  the  next  release  of 
Unicenter,  which  has  yet  to  be 
announced. 

Also  at  Interop,  WildPackets 
plans  to  unveil  OmniPeek  Voice, 
software  that  incorporates  distrib¬ 
uted  VoIP  analysis  into  its  LAN 
and  WAN  packet-sniffing  trouble 
shooting  and  analysis  tool.  The 
voice  component  works  with 
WildPackets’  Omni3  offering, 
which  includes  console  software, 
as  well  as  distributed  software 
engines  on  other  servers  across  a 
network. 

OmniPeek  Voice,  the  company 


says,  will  enable  network  man¬ 
agers  to  drill  down  into  the  packet 
level  of  voice  applications  to 
understand  performance  issues, 


such  as  packet  loss,  jitter  and 
latency.  OmniPeek  requires  a 
console  and  at  least  one  remote 
engine.  The  new  wares  are  slated 
to  be  available  in  June,  and 
prices  can  range  between  $6,000 
and  $18,000. 

Other  vendors  plan  to  use  In¬ 
terop  to  showcase  how  well  their 
wares  will  enhance  application 
performance  from  an  end-user 
perspective  and  speed  high  prior¬ 
ity  Web-applications  to  end-user 
or  customer  desktops. 

Symphoniq,  a  software  maker 
headed  by  NetlQ  founder  Hon 
Wong,  will  showcase  its  new  diag¬ 
nostic  product,  dubbed  TrueView 
BusinessPulse.  The  product  will 
work  on  top  of  TrueView’s  Web 
application-performance  moni¬ 
toring  software  to  help  IT  man¬ 
agers  relate  performance  metrics 
to  pre-set  policies,  capacity  plan¬ 
ning  projects  and  business 
processes. 

Symphoniq’s  TrueView  Web 
Management  Suite  uses  software 
installed  in  a  dedicated  server  in 
the  data  center,  which  includes  a 
data  repository  and  manage¬ 
ment  console,  and  probe  soft¬ 
ware  on  each  Web  server.  The 
product  adds  three  lines  of 
HTML  code  to  each  Web  page  to 
collect  statistics  such  as 
response  time,  image  load  times 
and  abandoned  operations  dur¬ 
ing  end-user  sessions. 

Rich  Burton,  COO  at  Core 
Systems  Group,  a  business  conti¬ 
nuity  consulting  company  in 
Branchburg,  N.J.,  says  TrueView 
BusinessPulse  could  provide  his 
See  Management  page  86 


Avaya 

continued  from  page  1 

and  traffic  rerouting  capabilities.  A  new  devel¬ 
opment  platform  for  integrating  Avaya  VoIP 
into  corporate  applications  also  is  on  tap. 

Avaya  is  launching  Communication  Manager 
3.0,  the  software  that  runs  its  IP  PBXs.  Among  a 
list  of  new  features  is  Enterprise  Survivability 
Server  (ESS),  which  lets  up  to  seven  Avaya  IP 
PBXs  (based  on  the  S8700  hardware)  act  as  a 
“master”  node  on  a  distributed  VoIP  network.  In 
case  of  a  network  outage  or  hardware  failure 
to  one  or  more  main  IP  PBX  servers  in  a  net¬ 
work,  ESS  allows  all  users  on  a  VoIP  network  to 
be  rerouted  and  registered  to  an  active  IP  PBX. 
Previously,  this  type  of  wide-area  failover 
required  a  technician  to  switch  a  secondary  IP 
PBX  into  a  main-server  role,  Avaya  says. 

The  ESS  feature  is  important  to  Scott  Mah, 
assistant  vice  president  for  IT  infrastructure  at 
the  University  of  Washington  in  Seattle,  where 
Avaya  IP  PBXs  tie  together  dozens  of  campus 
locations,  as  well  as  university-run  medical 
facilities  throughout  the  state. 

“If  there  is  an  earthquake  in  the  Seattle  area 
and  connectivity  to  the  main  server  is  lost,  our 
hospital  trauma  center  and  911  police  emer¬ 
gency  dispatch  will  be  able  to  operate  in  a 
stand-alone  mode,”  Mah  says. 

ESS  is  similar  to  Cisco’s  CallManager  cluster¬ 
ing  technology  and  Survivable  Remote  Site 
Telephony  feature,  as  well  as  Siemens’  distrib¬ 
uted  IP  PBX  technology  on  its  HiPath  products. 

Avaya  also  is  introducing  its  Converged 
Network  Analyzer  software,  which  runs  on  the 
Linux-based  S8000  series  server  hardware  and 
provides  VoIP  network  monitoring,  manage¬ 
ment  and  call  rerouting  in  case  of  network 


Along  with  new  VoIP  servers,  Avaya  is  launching 
an  IP  phone  with  SIP  support. 


congestion  or  VoIP  call  quality  degradation. 
The  software  constantly  tests  a  VoIP  network 
by  sending  low-bandwidth  dummy  VoIP  call 
traffic  to  test  for  call  quality  If  poor  quality  is 
detected,  the  software  scans  the  WAN  for  alter¬ 
nate  paths  and  reroutes  calls  based  on  tech¬ 
nology  from  Avaya’s  acquisition  of 
RouteScience.. 

“One  big  concern  customers  have  about  IP 
telephony  is  the  reliability  of  the  IP  network,” 
says  Jeff  Snyder,  a  research  vice  president  at 
Gartner.  Converged  Network  Analyzer  “should 
help  make  [users]  more  comfortable.” 

Products  that  scan  and  test  call  quality  on 
VoIP  networks  mostly  come  from  third-party 
companies,  as  opposed  to  IP  PBX  vendors; 
these  include  products  from  NetIQ.Telchemy 
and  Qovia. 


Communication  Manager  3.0  costs  between 
$35  and  $175  per  seat.  The  ESS  feature  for  is 
$40,000  extra. 

On  the  Session  Initiation  Protocol  (SIP) 
front,  Avaya  is  introducing  an  upgrade  to  its 
Converged  Communication  Server,  a  platform 
that  bridges  Avaya  IP  PBX,  which  uses  a  pro¬ 
prietary  VoIP  call  control  protocol,  with  SIP 
This  lets  users  of  legacy  Avaya  gear,  as  well  as 
IP-based  phone  gear,  use  integrated  SIP-based 
applications,  such  as  softphones,  presence 
management,  conferencing  and  instant  mes- 
saging.The  Converged  Communication  Server 
supports  6,000  users,  up  from  3,500  on  the  pre¬ 
vious  version. 

Another  software  component  is  the  Appli¬ 
cation  Enablement  Services  package. This  soft¬ 
ware,  which  includes  Avaya  APIs  and  XML 
development  tools,  is  targeted  at  businesses 
that  integrate  voice  into  enterprise  applica¬ 
tions  —  such  as  mixing  VoIP  or  IP  PBX  access 
into  call  center  or  CRM  applications. 

“Avaya  has  been  trying  to  position  itself  as 
more  of  an  applications  company  instead  of  a 
business  phone  company,"  Gartner’s  Snyder 
says.  The  Converged  Communication  Server 
and  Application  Enablement  Services  are  evi¬ 
dence  of  that,  he  adds. 

Other  hardware/software  products  Avaya  is 
launching  include: 

•  Meeting  Exchange  module  to  Communica¬ 
tion  Manager  3.0:  Based  on  technology 
acquired  from  Spectel,  it  allows  300  callers  to 
join  a  single  conference  call  with  one  access 
phone  number.  It  costs  $150  per  user. 

•  The  G150  and  G250  gateways,  priced  at 
$1,600  and  $2,200  respectively  are  aimed  at 
small  offices  (up  to  15  users)  and  support 
S8300  local  IP  PBX  server  modules.* 
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MIDDLEWARE  IS  IBM  SOFTWARE.  The  powerful  DB2 
Information  Management  Software  Family.  With  industry 
leading  DB2  and  Informix®  databases,  it’s  the  most  complete 
information  management  solution  available.  Built  on  open 
standards,  it  lets  you  access  content  from  various  sources. 
Integrate  information,  boost  productivity,  stay  compliant.  Plus 
gain  insight  to  make  better  business  decisions.  On  demand. 


Middleware  for  the  on  demand  world.  Learn  more  at  ibm.com/middleware/information 


1.  Takes  virtual  tour  of  vacation  spot. 

2.  Books  flight  with  partner  airline. 

3.  Dispatches  service  automatically. 

4.  Analyzes  schedule  data  dynamically. 

5.  Business  results  reach  new  heights. 
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Interop  features  array  of  security  gear 


■  BY  TIM  GREENE  AND 
PHIL  HOCHMUTH 

A  host  of  security  vendors  are 
set  to  roll  out  everything  from 
intrusion-prevention  gear  to 
SSL  VPN  equipment  at  Interop 
this  week. 

This  focus  on  securing  net¬ 
works  is  not  surprising  consider¬ 
ing  that  59%  of  respondents  to 
the  most  recent  Network  World 
survey  say  they  plan  to  spend 
more  on  security  than  they  did 
last  year,  and  Interop  is  a  place 
to  shop. 

RadWare,  Array  Networks,  Forti- 
net  and  NeoAccel  will  demon¬ 
strate  products  at  the  show. 

RadWare  will  launch  its  De- 
fensePro  100  security  appliance 
for  adding  intrusion-prevention 
system  (IPS)  and  bandwidth 
management  capabilities  to  cor¬ 
porate  branch  offices.  The 
device,  which  supports  up  to 
100M  bit/sec  scanning  through¬ 
put,  is  a  smaller  version  of 
RadWare’s  3G  bit/sec  Defense- 
Pro  300  and  200  series  switches, 


■  BY  ELLEN  MESSMER 

An  industry  consortium  this 
week  plans  to  demonstrate  a 
specification  for  desktop  policy 
enforcement  that  has  been  a  year 
in  the  making. 

The  Trusted  Computing  Group’s 
(TCG)  specification,  which  is 
scheduled  to  make  its  debut  at 
Interop  in  Las  Vegas,  offers  a  way 
to  conduct  integrity  checks  of 
desktop  computers,  such  as  re¬ 
quiring  anti-virus  or  software 
patch  updates  before  granting 
network  access.  While  this  capa¬ 
bility  exists  in  some  products,  the 
Trusted  Network  Connect  (TNC) 
specification  is  the  first  attempt  to 
define  an  open  standard  for  it. 

Some  consortium  members,  in¬ 
cluding  Funk  Software,  HP  and 
iPass,  will  show  how  the  specifi¬ 
cation  works  through  software  in¬ 
teroperability  demonstrations 
over  an  HP  ProCurve  Switch- 
based  LAN. 

“Interoperability  is  important  to 
minimize  the  ways  we  have  to  do 
this,  which  today  requires  custom 
development  with  anti-virus  ven¬ 
dors  and  others,”  says  Barbara 
Nelson,  director  of  advanced 
technology  at  iPass,  which  makes 


used  in  ISPs  and  large  corporate 
networks. 

The  DefensePro  100  sits  be¬ 
tween  a  WAN  router  link  and  a 
LAN  inside  a  branch  office.  It 
scans  all  incoming  and  outgoing 
traffic  for  more  than  1 ,500  virus, 
worm  and  Trojan  signatures. 
Malicious  traffic  can  be  dropped 
or  re-directed  to  a  secure  quar¬ 
antine  segment  of  a  LAN,  accord¬ 
ing  to  RadWare. 

The  device  also  can  detect 
irregular  network  traffic  pat¬ 
terns,  the  vendor  says.  Such  pat¬ 
terns  that  might  be  part  of  a 
new  type  of  network  attack  can 
be  handled  in  several  ways, 
RadWare  says:  Bandwidth  for 
the  suspicious  packet  flow  can 
be  squeezed  to  a  trickle,  so  as 
not  to  congest  a  network  pipe; 
the  flow  can  be  mirrored  to  an 
administrative  PC  for  forensic 
inspection;  or  traffic  can  be 
dropped. 

The  DefensePro  100  also  can 
identify  and  legitimatize  applica¬ 
tion  flows  traveling  between  a 
branch  and  main  office,  such  as 


software  called  Endpoint  Policy 
Management  to  check  desktops 
for  missing  anti-virus  and  soft¬ 
ware  patches. 

If  the  network  industry  can  coa¬ 
lesce  around  a  common  way  to 
do  integrity  checks,  it  will  pro¬ 
mote  use  of  the  technology  she 
says. 

At  this  week’s  demonstration, 
iPass  plans  to  show  how  its  desk¬ 
top  Endpoint  Pblicy  Management 
software  can  collect  TNC-related 


ERR  e-mail  or  CRM  application 
streams.  The  device  can  be  con¬ 
figured  to  guarantee  a  specified 
amount  of  bandwidth  for  these 
applications,  even  if  a  WAN  pipe 
is  being  flooded  with  traffic  from 
a  network  attack  or  worm  or 
broadcast  storms  from  miscon- 
figured  network  equipment  or 
applications.  This  is  similar  to 
features  in  products  from 
Packeteer,  Peribit  and  others. 

The  DefensePro  100  costs 
$15,000,  with  virus/worm  signa¬ 
ture  update  services  costing 
between  $2,000  and  $3,000 
per  year. 

Moving  in  from  the  branch 
office  to  data  centers,  Array  will 
introduce  a  VPN  box  called  the 
SPX5000  that  supports  up  to 
64,000  concurrent  users  con¬ 
necting  via  SSL. 

With  that  much  capacity,  the 
box  is  designed  to  sit  between 
the  Internet  and  busy  data  cen¬ 
ters,  authenticating  users  and 
establishing  what  applications 
users  can  access.  Once  connect¬ 
ed,  the  box  can  direct  users  to  as 


information  about  anti-virus  and 
patch  updates  on  a  desktop.  The 
information  then  will  be  forward¬ 
ed  to  a  TNC-capable  authentica¬ 
tion  server  from  other  vendors, 
such  as  Funk  and  Meetinghouse 
Data  Communications.  These 
servers,  with  added  TNC-based 
code,  will  evaluate  desktops  to 
determine  if  they  should  be  grant¬ 
ed  network  access. 

Several  companies  involved  in 
this  week’s  demonstration  say 


many  as  250  virtual  LANs. 

In  addition  to  supporting  Web- 
based  applications,  it  can  set  up 
Layer  3  connections  with 
remote  machines  running  Win¬ 
dows  or  Linux. 

The  device  supports  a  feature 
called  virtual  sites,  which  lets 
users  apply  separate  policies  to 
up  to  128  groups  as  if  each  had 
its  own  appliance  to  which  it 
could  be  connected. 

The  SPX5000  costs  $40,000  to 
$100,000,  depending  on  configu¬ 
ration  and  the  number  of  con¬ 
current  users  it  supports. 

A  second  new  Array  device, 
this  one  for  offloading  SSL  traffic 
from  servers,  also  is  designed  for 
large  data  centers, similar  to  gear 
made  by  Redline  Networks  and 
NetScaler. 

Called  the  TMX5000,  it  com¬ 
presses  traffic  to  remote  users 
and  servers,  and  accelerates  SSL 
traffic.  The  box  supports  copper 
and  fiber  Gigabit  Ethernet  ports. 

The  TMX5000  has  three  soft¬ 
ware  options,  Web  acceleration, 
e-commerce  acceleration  and 


they  plan  to  include  TNC  func¬ 
tionality  in  future  products. 

Dan  Ratner,  director  of  product 
management  at  Meetinghouse, 
says  the  company  expects  to  in¬ 
clude  TNC  in  its  Aegis  client  and 
server  authentication  products 
by  the  fourth  quarter.  “It’s  an 
opportunity  to  extend  the  prod¬ 
ucts  so  while  we’re  doing  the 
authentication  we  can  also 
allow  the  integrity  checking  to 
occur(  he  says. 

Funk  plans  to  include  TNC  as 
part  of  its  Steel-Belted  Radius 
Server  and  Odyssey  Client  by 
mid-May  InfoExpress  expects  to 
add  TNC  to  its  CyberGatekeeper 
Policy  software  in  the  summer. 

TCG  member  Microsoft  two 
weeks  ago  endorsed  the  new 
specification,  promising  to  align 
its  fledgling  Network  Access  Pro¬ 
tection  effort  with  it.  Microsoft 
also  last  year  said  it  would  align 
with  another  industry  effort,  the 
Cisco  Network  Admission  Con¬ 
trol  (NAC),  which  is  well  under¬ 
way  with  40  anti-virus  and  policy- 
enforcement  software  vendors, 
including  TNC  backers  iPass  and 
InfoExpress.  Cisco  says  it  has  no 
plans  to  join  TCG  or  implement 
its  new  specification.  ■ 


full  application  front-ending. 
Pricing  was  not  available. 

Smaller  SSL  VPN  offerings  than 
Array’s  are  on  tap  from  Fortinet 
and  NeoAccel. 

Fortinet  is  announcing  that  it 
will  include  VPN  and  VoIP  sup¬ 
port  on  its  Fortigate  multifunc¬ 
tion  security  platforms,  meaning 
customers  can  protect  branch 
offices  with  one  device. 

With  the  SSL  VPN  software, 
Fortigate  boxes  become  remote- 
access  gateways  for  users  con¬ 
necting  to  business  sites  over  the 
Internet.  Once  SSL  traffic  has 
been  decrypted,  the  devices  can 
further  inspect  it  by  running  it 
through  virus,  intrusion-detec¬ 
tion  and  firewall  filters. 

The  SSL  VPN  software  is  in  beta 
tests  and  is  scheduled  to  be 
available  in  the  second  half  of 
this  year. 

VoIP  support  on  Fortigate  de¬ 
vices  consists  of  helping  voice 
calls  cross  devices  that  change 
IP  addresses  from  private  to  pub¬ 
lic,  such  as  firewalls.  It  also 
includes  the  ability  to  keep  track 
of  what  firewall  ports  are  dynam¬ 
ically  opened  by  VoIP  applica¬ 
tions  to  set  up  individual  calls 
and  makes  sure  they  are  closed 
again  when  the  call  is  over. 

Meanwhile,  NeoAccell,  whose 
SSL  VPN  Plus  platform  is  unique 
because  it  also  accelerates  traf¬ 
fic  over  a  WAN,  is  announcing 
Version  4.0,  which  adds  the  capa¬ 
bility  to  scan  remote  machines 
for  proper  security  configuration 
before  being  allowed  to  access 
the  VPN.The  software  also  cleans 
up  files  left  on  the  remote  PC 
during  remote-access  sessions  to 
prevent  unauthorized  users  from 
finding  confidential  data. 

The  software  supports  Light¬ 
weight  Directory  Access 
Protocol  look-ups  so  IT  staffs 
don’t  have  to  copy  authentica¬ 
tion  information  into  separate 
directories  on  the  NeoAccell 
platform. 

An  early  version  of  its  Version 
4  software  costs  $4,000.  It  runs 
on  Windows-  and  Linux-based 
servers.  ■ 


Correction 


■  Ihtne story  "11) start-ups 
to  watch”  (April  25,  page  80) 
within  the  portion  about  Go 
Networks,  Siemens  Acceleration 
should  have  been  listed  as  an 
investor. 


Group  to  demo  ways  to  secure  desktops 

How  Trusted  Network  Connect  works 

This  new  spec,  supported  via  desktop  and  server  software, 
is  designed  to  help  companies  enforce  desktop  security 
policies. 


OThe  client  serves  as  an 
“integrity  collector,” 
gathering  data  about  security 
status,  such  as  anti-virus 
and  patch  updates. 


©  Data  is  sent  to  the  server 
to  which  the  end  user 
seeks  access,  known  as 
.  the  “policy  decision  point” 


©The  policy  decision  point 
verifies  the  security  status 
to  determine  if  the  PC 
meets  policy  guidelines 
before  allowing  access. 


YOUR  COMPANY’S  FIREWALL 


Introducing  DuPont™  certified  limited  combustible  cable.  In  the  event  of  a  fire,  securing  your 
business’  uptime  is  crucial.  The  data  communications  cable  you  choose  could  play  a  key  role  in  protecting 
your  network  technology  investment.  DuPont™  certified  cable  produces  20  times  less  smoke  than  other 
plenum  rated  cables.  And  less  smoke  means  less  costly  downtime,  making  it  the  most  advanced  fire 
safety  cable  technology  available  today.  To  learn  more  about  DuPont1M  certified  limited  combustible  cable 
or  to  request  a  free  CD,  log  on  to  teflon.com/cablingmaterials  or  call  i-8oo-2oy-oy$6. 
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The  miracles  of  science™ 


HELP  YOUR  CUSTOMERS  GET  BACK 
A  PRECIOUS  COMMODITY. 

TIM  . 


Who  doesn’t  want  to  save  time  and  money?  Avocent  KVM  and  remote  management  technologies  help  IT  departments 
centralize  control  of  servers,  serial  and  power  devices,  all  from  a  single  interface.  Imagine  -  instant,  console  level  access 
to  servers  and  other  IT  devices.  It  may  just  be  one  of  the  reasons  our  DSView®  3  management  software  won  the 
prestigious  VARBusiness  MidMarket  Products  of  the  Year  award.  In  addition  to  time  savings,  Avocent  solves  real  problems 
for  IT  departments  every  day: 

•  Securely  manage  servers  in  data  centers  AND  branch  offices 

•  Save  time  and  money  with  centralized  control  and  instant  access 

•  Minimize  time  spent  on  Sarbanes  Oxley  and  HIPAA  compliance  reporting  with  audit  logs 
and  advanced  reporting 


AvocenL 

The  Power  of  Being  There® 


With  Avocent,  time  is  on  your  side.  Don't  delay  another  second  -  take  a  virtual  tour  at  www.avocent.com/control 
or  call  us  at  1-866-286-2368. 


Avocent  the  Avocent  logo,  DSView  and  The  Power  of  Being  There  are  trademarks 
of  Avocent  Corporation.  All  other  marks  are  the  property  of  their  respective 
owners.  ©  Copyright  2005  Avocent  Corporation. 
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Microsoft  has  server  beta  on  tap 


■  BY  JOHN  FONTANA 

Microsoft  proved  last  week  that 
it  still  has  a  lot  of  work  to  do  on 
Longhorn  before  it  is  corporate- 
ready.  But  the  imminent  release 
of  the  next  version  of  its  server 
operating  system  is  on  target  to 
provide  users  with  key  technol¬ 
ogy  designed  to  greatly  augment 
secure  access  to  their  networks. 

At  Microsoft’s  annual  Windows 
Hardware  Engineering  Confer¬ 
ence  (WinHEC),  Longhorn  dom¬ 
inated  the  marquee  with  its  pro¬ 
mise  of  future  improvements.  But 
for  the  near  term,  the  company 
announced  the  first  public  beta 
of  the  Windows  Server  2003  R2 
upgrade,  designed  to  let  users 
lock  down  access  controls  in¬ 
side  and  outside  a  firewall. 

The  beta,  which  is  slated  to  ship 
in  the  next  week  and  is  already 
being  tried  by  a  group  of  3,000 
testers,  includes  an  identity  tech¬ 
nology  called  Active  Directory 
Federation  Services  (ADFS). 
ADFS  is  one  of  the  final  pieces  of 
Microsoft’s  identity  management 
platform  and  it  represents  the 
company’s  first  implementation 
of  the  WS-Federation  protocol. 


Coming  attractions 

Microsoft  has  plans  to  release  most  of  its  server  applica¬ 
tions  for  its  new  64-bit  server  platform,  which  was  formally 
launched  last  week.  Here  is  a  look  at  the  release  schedule. 


2005 

2006-2007 

• 

SQL  Server  2005  • 

Windows  Longhorn  Server 

• 

Visual  Studio  2005  • 

Exchange  Server  12 

• 

Commerce  Server  2005  • 

Microsoft  Operations 

• 

Host  Integration  Server  2005 

Manager v3 

• 

BizTalk  Server  2006 

Virtual  Server  v2 

• 

Virtual  Server  2005  Service 

Virtual  PC  Server  v2 

Pack  1  • 

Windows  Server  Compute 

• 

Virtual  PC  2004  Service 

Cluster  Edition 

Pack  2 

• 

Services  for  Unix 

Microsoft  has  positioned  WS- 
Federation,  which  the  company 
developed  with  IBM, as  the  linch¬ 
pin  for  integrating  security  infra¬ 
structures  between  companies. 

“My  personal  quest  is  to  dispel 
the  idea  this  is  just  a  roll-up  of 
existing  stuff;  that’s  not  true. 
There  are  a  lot  of  new  technolo¬ 


gies  out  there,”  says  Samm 
DiStasio,  director  of  product 
management  for  the  Windows 
Server  division. 

Microsoft  also  used  WnHEC, 
which  is  targeted  at  hardware 
manufacturers,  to  implore  those 
partners  to  start  developing  dri¬ 
vers  for  new  64-bit  platforms  and 


for  Longhorn. The  company  also 
showed  off  prototypes  of  future 
mobile  devices  and  introduced 
new  feature  sets  for  Longhorn, 
such  as  touch-screen  support. 

A  new  document  format  code- 
named  Metro  was  introduced, 
which  is  expected  to  rival 
Adobe’s  PDF  format  (for  related 
story  see  “Short  Takes,”  page  33). 

The  company  also  said  its  Next 
Generation  Secure  Computing 
Base  (NGSCB),  a  hardware/soft¬ 
ware-based  security  feature  in¬ 
troduced  two  years  ago  under 
the  name  Palladium,  would  not 
ship  with  Longhorn  as  previously 
planned.  Instead,  a  few  features 
that  align  with  NGSCB,  such  as 
Secure  Start-up,  will  show  up  in 
Longhorn. 

In  addition,  the  company  gave 
a  small  glimpse  of  the  Avalon 
user  interface  features  slated 
for  Longhorn  and  formally 
launched  its  first  64-bit  operat¬ 
ing  systems. 

While  there  appeared  to  be  a 
lot  on  the  agenda,  critics  say  Mi¬ 
crosoft  must  get  past  discus¬ 
sions  of  Longhorn’s  goals  and 
begin  to  talk  about  specific 
See  Microsoft,  page  18 


Citrix  revises  software,  adds  VPN  box 


■  BY  STACY  COWLEY  AND  JOHN  COX 

Citrix  last  week  unveiled  a  flurry  of  prod¬ 
uct  updates  that  include  speed  and  scalabil¬ 
ity  enhancements  along  with  new  features 
such  as  an  overhauled  printer-support  sys¬ 
tem,  additional  security  and  access  controls, 
and  Pocket  PC  synchronization  support. 

The  company  introduced  its  flagship  Citrix 
Presentation  Server  4.0,  which 
sports  a  new  name:  With  this 
release,  Citrix  is  dropping  the 
MetaFrame  name,  a  move  Citrix 
Senior  Vice  President  of 
Corporate  Development  David 
Jones  says  was  made  to  mod¬ 
ernize  the  software’s  brand. This 
latest  release  continues  Citrix’s 
efforts  to  convince  corporations 
to  adopt  Citrix  applications  as  the  software 
layer  that  controls,  secures  and  manages  all 
end-user  access  to  applications  and  data  run¬ 
ning  on  centralized  Citrix  servers. 

Citrix  also  is  upgrading  its  Password 
Manager  single  sign-on  software  and  releas¬ 
ing  a  new  SSL  VPN  appliance,  the  Citrix 
Access  Gateway.  These  three  products  form 
Citrix’s  Access  Suite  4.0. 

Citrix  purchased  SSL  VPN  technology 
maker  Net6  in  November.  Releasing  the  Citrix 
Access  Gateway  pits  the  company  against 
established  SSL  VPN  vendors  such  as 


Aventail,  Juniper  and  Cisco.  The  company 
will  first  aim  the  Access  Gateway  at  its  cur¬ 
rent  customer  base,  emphasizing  its  superior 
Citrix  integration  compared  with  rival  prod¬ 
ucts,  Jones  says. 

Citrix  has  struggled  with  low  customer 
adoption  of  its  last  major  update  of 
Presentation  Server,  the  3.0  version  it  in  April 
2004.  Independent  industry  analyst  Brian 


Madden,  who  focuses  on  Citrix,  says  he 
expects  faster  adoption  of  the  4.0  release. 
While  the  previous  release  included  updates 
geared  almost  exclusively  to  large-enterprise 
users,  4.0’s  advances  will  be  useful  to  Citrix 
customers  of  all  sizes,  he  predicts.  He  singles 
out  the  new  printing  system  and  new  virtual 
memory  and  CPU  utilization  management 
technologies  as  enhancements  likely  to 
make  customers  happy. 

“The  reaction  to  PS3  was,  we  looked  at  the 
new  features  and  90%  of  customers  went 
down  the  list  and  said  ‘don’t  care,  don’t  care’ 


to  the  whole  list.  That  won’t  be  the  case  with 
PS4.  I  think  Citrix  really  nailed  it,”  Madden 
says.  “Of  course,  that’s  a  very  different  ques¬ 
tion  from,  ‘Will  a  non-Citrix  customer  who 
hasn’t  had  it  before  buy  it?’” 

One  customer’s  view 

Alan  Kauffman,  CIO  for  the  March  of  Dimes 
Birth  Defects  Foundation  and  a  relatively 
new  Citrix  customer,  says  he’s 
looking  forward  to  testing  the 
new  printing  system  in  Version 
4.0  and  hopes  to  put  it  to  use. 
March  of  Dimes  last  year  began 
using  Citrix  Presentation  Server 
to  centralize  management  of 
its  1,500  employee  PCs  scat¬ 
tered  throughout  250  offices 
nationwide. 

“The  new  print  engine  is  a  major  thing  for 
us,”  Kauffman  says.  “We’re  currently  using  a 
third-party  product  to  supplement  Citrix,  and 
we’d  prefer  not  to  use  that  third  party1 

Most  of  March  of  Dimes’  offices  are  staffed 
by  only  two  or  three  employees  with  no  IT 
support.  Consequently,  PC  and  application 
management  is  a  major  challenge  for  the 
organization  —  and,  as  a  nonprofit  that 
needs  to  keep  overhead  low,  March  of  Dimes 
has  to  make  do  with  aging  technology  and  a 
slim  IT  budget,  Kauffman  says.  He  spent  a 

See  Citrix,  page  18 


1 1  The  new  print  engine  is  a  msuor  thing 
for  us.  11 

Alan  Kauffman 

CIO,  March  of  Dimes  Birth  Defects  Foundation 
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continued  from  page  17 

details  so  companies  can  un¬ 
derstand  the  upgrade  options 
Longhorn  presents. 

“Longhorn  is  the  focus  again 
after  the  shipment  of  the  service 
packs  for  XP  and  Windows 
Server  2003,  but  knowing  what 
Longhorn  is  going  to  be,  I  think, 
is  still  a  bit  hard,”  says  Michael 
Cherry,  an  analyst  at  indepen¬ 
dent  research  firm  Directions  on 
Microsoft.  “They  are  telling  us  it 
is  going  to  be  important,  but  the 
underlying  details  are  still  to  be 
determined.” 

What  has  been  determined  is 
when  all  users  can  finally  begin 
to  test  Win  2003  R2.  It  is  the  first 
so-called  “interim”  release  of  the 
server  operating  system  since 
Microsoft  initiated  a  release 
cycle  that  called  for  a  major 
operating  system  upgrade  every 
four  years,  with  a  lesser  upgrade 
in  between. 

The  highlight  is  ADFS,  which 
lets  users  integrate  their  identity 


and  access  control  infrastruc¬ 
tures  with  partners  also  running 
the  Microsoft  directory  Eventu¬ 
ally  users  will  be  able  to  integrate 
regardless  of  platform  if  Micro¬ 
soft  is  successful  in  establishing 
WS-Federation  as  one  protocol 
under  its  WS-Security  banner  of 
Web  services  protocols  (see 
related  story,  page  21). 

ADFS  is  Microsoft’s  first  support 
for  WS-Federation,  which  will  let 
the  protocol  be  tested  side  by 
side  with  similar  specifications, 
most  notably  the  Security  Asser¬ 
tion  Markup  Language  and  the 
Liberty  Alliance’s  Identity  Web 
Services  Framework. 

Earlier  this  year,  Bill  Gates, 
Microsoft’s  chief  software  archi¬ 
tect,  called  federation  a  mile¬ 
stone  in  the  company’s  ongoing 
security  efforts. 

Users  will  have  to  roll  out  four 
pieces  of  Microsoft  infrastruc¬ 
ture  to  support  ADFS:  Active 
Directory,  the  federation  ser¬ 
vices,  a  federation  server  proxy 
and  a  Web  server,  according  to 
Microsoft  officials. 


Also  part  of  R2  is  branch-office 
support  so  servers  can  be  man¬ 
aged  remotely  from  a  central 
location,  integration  of  Services 
for  Unix  into  the  core  operating 
system,  new  storage  manage¬ 
ment  features,  support  for  the 
.Net  Framework  2.0  and  en¬ 
hancements  to  the  Windows 
SharePoint  Services  collabora¬ 
tion  technology 

While  R2  is  around  the  corner, 
Microsoft  used  WinHEC  to  show 
some  features  of  Longhorn, 
which  won’t  ship  until  next  year, 
including  instant-on,  smart  cach¬ 
ing,  disk  optimization,  hot  patch¬ 
ing,  single  image  deployment, 
third-party  code  isolation,  self- 
healing  and  diagnostic  features. 

Also  new  is  the  Metro  docu¬ 
ment  format,  which  is  an  XML- 
based  technology  that  Microsoft 
plans  to  offer  royalty  free.  Metro 
documents  can  be  displayed 
without  the  need  for  a  special¬ 
ized  client,  but  printers  and  print 
drivers  will  have  to  be  devel¬ 
oped  that  support  Metro,  Micro¬ 
soft  officials  said.B 


Citrix 

continued  from  page  17 

year  studying  Citrix’s  software 
before  deciding  to  invest  in  it. 
The  move  has  paid  off,  he  says: 
Citrix’s  software  lets  March 
of  Dimes  extend  its  PC  life 
cycles  from  four  years  to 
at  least  six,  centralize  its  previ¬ 
ously  disparate  fundraising 
databases,  and  consolidate 
dozens  of  servers  in  field 
offices  into  one  data  center 
near  March  of  Dimes’  White 
Plains,  N.Y.,  headquarters. 

The  organization  also  uses 
Citrix’s  GoToAssist  remote  sup¬ 
port  software  to  connect  IT 
help  desk  staffers  with  field 
employees.  The  software,  which 
lets  support  staff  view  users’ 
screens  and  fix  problems 
remotely,  has  led  to  quicker 
response  times  and  increased 
user-satisfaction  ratings,  accord¬ 
ing  to  Kauffman. 

“For  me,  the  big  part  of  the 
sale  is  that  we  can  mahe  these 
chapters  act  as  if  they're  in  one 


office,”  he  says.  “It  works  very 
well.” 

Kauffman  does  have  one 
gripe:  He  would  like  to  see 
Citrix  extend  Pocket  PC  support 
to  Palm  OS  devices,  which 
many  March  of  Dimes  employ¬ 
ees  use. 

Pricing  and  availability 

Citrix  Presentation  Server  4.0, 
Password  Manager  4.0  and  Ac¬ 
cess  Gateway  4.0  are  available 
individually  or  bundled  togeth¬ 
er  in  the  Citrix  Access  Suite.  All 
are  due  for  release  by  June. The 
Citrix  Access  Suite  has  a  retail 
price  of  $599  per  concurrent 
user.  Other  prices  are  available 
on  Citrix’s  Web  site. 

Citrix  also  announced  that  HP 
has  chosen  Citrix  as  its  preferred 
enterprise  single  sign-on  partner, 
and  is  offering  Citrix  Password 
Manager  as  an  integral  part  of 
the  HP  OpenView  Identity  and 
Access  Management  suite. 

Cowley  is  a  correspondent 
with  the  IDG  News  Service. 
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Finally,  A  Clear  “Right”  Choice 
in  Enterprise  E-mail  Security 

SurfControl  E-mail  Filter  5.0  has  broken  through,  setting  a  new 
standard  for  protection  against  spam  and  e-mail  borne  mali¬ 
cious  attacks.  Only  SurfControl  E-mail  Filter  gives  you  the 
world’s  most  continuously  updated  database  of  harmful  URLs, 
so  links  to  spyware  sites  can  be  blocked  at  the  gateway.  And, 
with  automated,  customized  reports,  it's  easier  than  ever  to 
gain  precise  visibility  into  your  business  operations  and 
ensure  legal  and  regulatory  compliance. 

Download  a  FREE  trial  today,  www.surfcontrol.com 
Or  call  us  at  1  800.368.3366. 


SurfControl 

Enterprise  Threat  Protection 
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Where  14-billion  Web  addresses  and  emails  get  directed. 

Where  2.7-billion  phone  connections  get  routed. 
Where  3,000  global  enterprises  get  secured. 
Where  $100-million  in  online  commerce  gets  transacted. 

Every  day. 
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VeriSign: 

Where  it  all  comes  together. 


Billions  of  times  each  day.  the  world  interacts  with  a  company 
you  may  not  realize  is  there.  One  that  is  driving  dynamic 
transformations  at  the  very  core  of  commerce  and  com¬ 
munications.  VeriSign.1'  Through  our  Intelligent  Infrastructure 
Services,  we  enable  businesses  and  individuals  to  find,  connect, 
secure,  and  transact  across  today’s  complex  Internet,  telecom, 
and  converged  networks. 


We  operate  the  systems  that  manage  .com  and  .net,  handling 
14-billion  Web  addresses  and  emails  every  day.  We  run  one  of  the 
largest  telecom  signaling  networks  in  the  world,  enabling  services 
such  as  cellular  roaming,  text  messaging,  caller  ID,  and  multi- 
media  messaging.  We  manage  network  and  user  security  for  over 


3,000  global  businesses  and  400,000  Web  sites.  And  we  handle 
over  30  percent  of  all  e-commerce  transactions  in  North  America, 


processing  $100-million  in  daily  sales.  As  next-generation  networks 
emerge  and  converge,  VeriSign  will  be  there,  deploying  the 

Intelligent  Infrastructure  Services  necessary  for  everything  from 

. 

RFID-enabled  supply  chains  to  inter-enterprise  VoIP  to  mobile  : 

and  rich  media  content  distribution. 

Whether  you’re  a  telecom  carrier  looking  to  rapidly  deploy  new  ;  ■,  ; 

services;  a  Fortune  500  enterprise  needing  comprehensive,  V.: 

proactive  security  services;  or  an  e-commerce  leader  wanting  ,J 

reduce  fraud,  we  can  help. 
gether.,M  V 
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to  securely  process  payments  and 
We’re  VeriSign.  Where  it  all  comes  together." 


©  2004  VeriSign.  Inc.  All  rights  reserved.  VeriSign,  the  VeriSign  logo. 
"Where  it  all  comes  together."  and  other  trademarks,  service  marks, 
and  designs  are  registered  or  unregistered  trademarks  of  VeriSign 
and  its  subsidiaries  in  the  United  States  and  in  foreign  countries. 


www.VeriSign.com 

Download  now:  Free  white  paper  on  Intelligent  Infrastructure  Services 


Monitor  and 
speakers  sold 
separately 


HP  Compaq  Business  Desktop  dx2000 


Acer  AcerPower™  F2  P5050  Desktop 


IBM  ThinkCentre™  A35 


Intel®  Pentium®  4  Processor  (2.80GHz) 
Memory:  256MB 
40GB  hard  drive 
10/100/1000  Ethernet 
Windows8  XP  Professional 


Intel®  Pentium®  4  Processor  505  (2.66GHz) 

Memory:  256MB 

80GB  hard  drive 

CD-ROM  drive 

Windows'  XP  Professional 


Intel®  Pentium®  4  Processor  330  (2.80GHz) 

Memory:  256MB 

40GB  hard  drive 

10/100/1000  Ethernet 

Windows"  XP  Professional 


DESKTOP 
CDW  739192 


DESKTOP 
CDW  749195 


DESKTOP 
CDW  751 559 


TRADE-IN 


TRADE-IN1 


TRADE-IN 


Recommended  accessories  and  services: 

HP  Compaq  512MB  memory  upgrade  $119  (CDW  586440) 

HP  Compaq  17"LCD  monitor  $329  (CDW  515635) 

HP  Care  Pack  3-year,  next  business  day,  9x5,  onsite  warranty 
upgrade  593  (CDW  514298) 


Recommended  accessories  and  services: 

SimpleTech  512MB  memory  upgrade  $88  (CDW  410843) 
Acer  3-year,  next  business  day,  onsite  warranty  upgrade 
$180  (CDW  652771) 


The  Technology  You  Need  When  You  Need  It. 

Upgrading  your  systems  means  upgrading  your  productivity.  At  CDW,  we  have  the  top-name  desktops, 
notebooks  and  servers  to  do  just  that.  Our  account  managers  provide  fast  answers  to  your  product 
questions.  And  with  access  to  the  largest  in-stock  inventories,  you'll  get  what  you  need  when  you  need 
it.  So  why  wait?  Get  new  systems  today  and  start  benefiting  tomorrow. 


The  Right  Technology.  Right  Away. 

CDW.com  •  800.399.4CDW 
In  Canada,  call  800.387.2173  •  CDW.ca 


Eligible  processors  include  Intel  Pentium  II.  Ill  or  Intel  Celeron;  AMD  processors  do  not  qualify;  trade-in  values  are  estimates  only;  actual  trade-in  values  may  vary  from  S25  to  SI  00;  all  products  must 
be  in  good  working  condition  and  have  a  fair  market  value;  call  your  CDW  account  manager  for  details;  offer  ends  6/30/05.  Offer  subject  to  CDW’s  standard  terms  and  conditions  of  sale,  available 
at  CDW.com.  ®  2005  CDW  Corporation 
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Cisco  wears  a  big  target,  plugs  I0S  leaks 


■  BY  PHIL  HOCHMUTH 

Even  as  Cisco  focuses  on  writing  more 
secure  software  and  diffuses  its  next-gener¬ 
ation  router  operating  system  across  more 
platforms,  observers  say  they  expect  the 
future  of  IOS  to  more  resemble  the  cyclical 
patch-and-update  state  of  Windows. 

That’s  because  Cisco  holds  more  than 
70%  of  the  market  for  routers,  and  like 
Microsoft  (which  runs  nine  out  of  10  desk¬ 
tops),  the  network  vendor  is  as  big  a  target 
as  ever,  analysts  say  Although  Cisco  says 
the  obscure,  behind-the-curtain  nature  of 
routing  operating  systems  had  in  the  past 
given  its  code  a  level  of  protection  against 
the  common  Windows  hacker,  executives 
in  the  firm  acknowledge  security  is  the 
top  concern  for  routing  technology  going 
forward. 

Cisco  last  month  announced  that  its 
12000  and  7600  series  routers  would  be  the 
next  platforms  to  run  IOS-XR  —  the  ven¬ 
dor’s  next-generation,  modular  router  oper¬ 
ating  system,  which  runs  network  services 
similar  to  applications  on  top  of  a  core 
kernel,  as  opposed  to  one  glob  of  inextri¬ 
cable  software  packages.  (IOS-XR  debuted 
with  Cisco’s  CSR-1  terabit-speed  router  last 
year). Cisco  says  this  Unix-like  approach  to 


routing  makes  systems  more  available  and 
harder  to  attack. 

But  the  same  week  that  Cisco  an¬ 
nounced  the  IOS-XR  platforms,  it  issued  a 
warning  that  IOS-XR-based  gear  could  be 
brought  down  by  the  misuse  of  the 
Internet  Messaging  Control  Protocol,  a 
management  protocol  used  to  check  the 
health  of  TCP/IP  networks. 

By  any  measure,  Cisco  is  not  the  only  net¬ 
work  vendor  with  product  vulnerabilities. 
The  US.  government’s  us-cert.org  security 
Web  site  listed  a  Juniper  advisory  in  Jan¬ 
uary,  regarding  a  highly  critical,  Multi-proto¬ 
col  Label  Switching-related  vulnerability  in 
its  JUNOS  operating  system  on  its  T-  and  M- 
Series  routers,  which  could  result  in  a 
denial-of-service  attack.  (Juniper’s  regular 
security  notices  are  only  available  to  cus¬ 
tomers.)  Similarly  many  network  vendors 
with  gear  that  works  with  or  is  based  on 
Windows  technology  also  release  frequent 
bulletins  tied  to  Windows  vulnerabilities; 
Nortel,  for  instance,  issued  17  such  bul¬ 
letins  this  year. 

Cisco  executives  say  there  is  no  immi¬ 
nent  disaster  looming  for  IOS,  but  there  is 
always  room  for  improvement. 

“We  are  very  open  about  any  security 

See  Cisco,  page  24 


ICMP  attacks 


■  HOW  IT  WORKS 


An  attacker  could  perform  a  denial-of-service  attack 
on  some  versions  of  Cisco  routers  by  spoofing 
Internet  Control  Message  Protocol  messages  from 
peer  routers,  telling  the  targeted  router  of  network 
problems  that  do  not  exist. 


O  An  attacker  sends  a  fake  “hard  ICMP  error”  message  to  an  Internet  host  and  modifies  the  packets  so  the  traffic 
apperars  to  be  coming  from  a  friendly  Internet  peer. 


©  The  target  router  thinks  the  ICMP  messages  are  from  friendly  devices  and  interprets  the  signal  as  a  serious 
network  problem,  for  which  there  is  no  possibility  of  recovery. 

©  The  attacked  router  terminates  TCP/IP  links  to  the  spoofed  friendly  machines.  The  continous  sending  of  the  spoofed 
ICMP  messages  by  the  attacker  could  make  the  router  inaccessible  for  a  length  of  time.  This  is  called  a  “blind 
connection  reset”  attack. 


Security  protocol  has  lots  of  work  ahead  of  it 


■  BY  JOHN  FONTANA 

The  security  protocol  that  began  to  in¬ 
crease  use  of  Web  services  on  corporate 
networks  is  now  a  year  old:WS-Security  has 
firmly  established  itself  as  a  foundation  IT 
can  trust  for  securing  XML-based  traffic, 
according  to  analysts  and  the  specifica¬ 
tion’s  co-author. 

The  protocol,  which  became  a  formal 
standard  in  April  2004,  has  become  so 
widely  accepted  that  it  is  now  seen  as  a 
core  Web  services  protocol  along  with  the 
Simple  Object  Access  Protocol  and  the 
Web  Services  Description  Language. 

But  despite  that  acceptance,  experts  say 
that  the  changing  landscape  around  Web 
services  and  service-oriented  architectures 
means  there  is  much  more  work  to  be 
done. 

WS-Security  provides  a  general-purpose 
method  for  building  integrity,  confidenti¬ 
ality  and  authentication  into  the  message 
exchange  that  permeates  any  communica¬ 


tion  among  Web  services  applications.  The 
protocol  integrates  technology  used  to 
secure  messages,  including  X.509  certifi¬ 
cates  and  Kerberos. 

What  WS-Security  solves  for  end  users  is 
the  question  of  how  to  pass  data  securely 
between  Web  services,  which  was  a  show- 
stopper  until  IBM,  Microsoft  and  VeriSign 
proposed  WS-Security  and  a  slate  of  six 
extensions  in  2002.The  protocol  eventually 
was  submitted  to  the  Organization  for  the 
Advancement  of  Structured  Information 
Standards,  which  made  it  a  standard  last 
year.  But  the  extensions  haven’t  progressed 
to  a  standards  track;  they  represent  the  next 
level  of  sophistication  for  the  protocol. 

“The  uptake  is  that  WS-Security  is  becom¬ 
ing  the  de  facto  standard  for  message-level 
security  in  Web  services,”  says  Tony  Nada- 
lin.the  co-author  of  WS-Security  and  IBM’s 
chief  security  architect.  “We  see  vendors, 
such  as  XML  firewall  vendors,  using  this  as 
a  way  to  get  message-level  protection.  We 
see  the  application  server  vendors,  IBM, 


Microsoft,  BEA  and  others,  starting  to  put 
this  into  the  stack  in  their  Web  services 
implementations.” 

Last  month  13  vendors,  including  IBM, 
Microsoft,  Oracle  and  Sun,  staged  a  WS- 
Security  interoperability  test  to  prove  that 
their  implementations  would  interoperate. 

And  in  July,  the  Web  Services  Inter¬ 
operability  Organization  is  expected  to  fin¬ 
ish  a  Basic  Security  Profile  that  will  detail 
the  minimum  requirements  around  secur¬ 
ing  Web  services  traffic. And  groups  such  as 
the  Liberty  Alliance,  which  is  developing 
identity  protocols,  have  incorporated  WS- 
Security  into  their  own  specifications. 

Nadalin  says  Version  1.1  of  WS-Security 
should  be  finalized  in  the  next  few  months 
and  will  add  encryption  for  message  head¬ 
ers  and  signature  confirmation,  which  is  a 
key  for  financial  transactions. 

“The  specification  has  improved  quite  a 
bit  since  it  was  first  proposed,”  says  Daniel 
Blum,  an  analyst  with  Burton  Group.  But 
the  next  step  to  standardize  extensions  will 


be  the  key 

“If  you  want  to  make  your  infrastructure 
more  dynamic  and  more  intelligent,  those 
extensions  are  pretty  important,”  Blum  says. 
“You  have  to  have  things  like  WS-Fblicy, WS- 
Trust  and  WS-Secure  Conversation  so  Web 
services  endpoints  can  interact  with  other 
endpoints  they  have  never  seen  before.” 

The  problem  is  that  those  extensions, 
which  were  included  in  the  original  draft 
of  the  WS-Security  specification  in  2002  are 
not  yet  complete  and  have  not  been  sub¬ 
mitted  to  a  standards  body  by  their  prim¬ 
ary  authors,  IBM  and  Microsoft.  Without 
these  standards, WS-Security  solely  remains 
a  means  to  securely  exchange  messages. 

“WS-Security  is  a  starting  point  for  secur¬ 
ing  Web  services,  and  it  was  never  meant  to 
be  anything  more  than  a  starting  point,” 
says  Jason  Bloomberg,  an  analyst  with 
ZapThink.“The  security  issue  now  is  estab¬ 
lishing  a  governance  infrastructure. 
Companies  have  to  understand  who  in  the 
See  Security,  page  24 
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infoblox  upgrades  appliances 


■  BY  CAROLYN  DUFFY  MARSAN 

As  more  companies  support  mobile 
access  to  network  resources,  they’re  find¬ 
ing  they  need  a  dynamic  infrastructure  for 
assigning  IP  addresses,  authenticating 
users  and  controlling  network  access. 
Infoblox,  a  leader  in  network  identity  appli¬ 
ances,  is  targeting  this  niche  with  a  spate  of 
new  product  announcements. 

Infoblox  this  week  is  expected  to 
announce  two  hardware  platforms,  an 
enhanced  operating  system  and  improved 
support  for  distributed  systems.  The  com¬ 
pany  provides  network  appliances  for  sev¬ 
eral  key  Internet  protocols  involved  with 
identity  management. 

Infoblox  sells  appliances  that  process 
queries  for  the  following  protocols:  DNS, 
DHCP  RADIUS  and  the  Lightweight  Direc¬ 
tory  Access  Protocol  (LDAP).  It  competes 
primarily  against  software  such  as  Micro¬ 
soft’s  Active  Directory  or  the  open  source 
BIND  application  running  on  general- 
purpose  servers. 

Infoblox  officials  say  more  companies 
are  interested  in  their  network  appliances 
as  they  migrate  to  wireless  LANs  (WLAN) 
and  need  to  support  office  roaming  by 
employees  and  customers.  These  compa¬ 
nies  need  to  dynamically  allocate  IP 
addresses  and  identify  and  authenticate 
users  as  they  move  from  one  location  to 


Controlling  DNS 

Infoblox  has  rolled  out  a  variety 
of  hardware  and  software  to  help 
users  manage  DNS. 


Infoblox  hardware 
Model  No. 


1000:  Works  with  DNSone  or 
RADIUSone,  has  an  optional  module 
for  distributed  virtual  services. 

1  Supports  150,000  DNS  records  and 
5,000  zones.  Handles  23,000  DNS 
queries  per  second. 


•  1200:  Works  with  DNSone,  has  an 

optional  module  for  distributed  virtual 
services.  Supports  300,000  DNS 
records  and  10,000  zones.  Handles 
30,000  DNS  queries  per  second. 


Software 


Network  Identity  operating  system: 
Latest  version  includes  improved 
failover  and  support  for  a  semantic 
database  engine  that  works  across 
protocols. 


•  DNSone  Version  3:  Features  new 

GUI,  support  fora  multi-protocol 
semantic  database  and  a  new 
module  for  distributed  environments. 


•  RADIUSone  Version  1.2:  Announced 
in  January,  this  version  supports  802.1 
authentication,  a  new  GUI  and  easier 
integration  with  back-end  databases. 


another  and  log  on  to  WLANs.  The  proto¬ 
cols  that  Infoblox  supports  let  companies 
create  this  type  of  dynamic  environment. 

“DNS  has  been  like  a  sleepy  backwater, 
but  I  don’t  think  it’s  going  to  stay  that  wayf 
says  Richard  Kagan,  vice  president  of  mar¬ 
keting  at  Infoblox.  “With  more  devices  on 
the  network  and  an  increasing  number  of 
attacks  on  the  network  infrastructure,  net¬ 
work  managers  are  going  to  have  to  coor¬ 
dinate  all  of  these  different  protocols  in  a 
way  that’s  never  been  done  before.” 

DNS  is  a  network’s  phone  book,  mapping 
alphanumeric  domain  names  to  IP 
addresses.  Its  companion  DHCP  provides 
IP  addresses  to  network  devices  that  want 
to  connect  to  the  network.  These  two  pro¬ 
tocols  are  supported  in  the  flagship  Info¬ 
blox  appliance,  the  DNSone. 

RADIUS  checks  user  names  and  pass¬ 
words,  while  LDAP  supports  a  database 
with  information  about  what  individual 
users  can  do  on  the  network.  These  two 
protocols  are  supported  in  Infoblox’s 
RADlUSOne  appliance. 

Infoblox  plans  to  offer  the  DNSone  and 


RADlUSOne  software  on  two  different 
hardware  platforms:  the  1000,  which  is  ship¬ 
ping  now,  and  the  1200,  which  is  scheduled 
to  ship  in  June. The  1200  is  a  higher-capac¬ 
ity,  higher-performing  appliance  geared 
toward  large  companies. 

The  Infoblox  Network  Identity  Operating 
System  is  available  on  both  hardware  plat¬ 
forms.  The  latest  version  offers  improved 
failover  capabilities,  including  support  for 
the  virtual  router  redundancy  protocol.  A 
new  option  provides  a  semantic  database 
that  works  across  all  four  protocols.  Buyers 
also  can  add  a  module  called  Keystone 
Distributed  Virtual  Services  for  distributed 
environments. 

Infoblox  also  has  upgraded  its  flagship 
DNS  and  DHCP  software,  which  is  available 
as  DNSone  Version  3.  Pricing  for  the  new 
systems  starts  at  about  $10,000. 

First  Tech  Credit  Union  of  Beaverton,  Ore., 
in  April  installed  two  Infoblox  1000  appli¬ 
ances  running  the  new  DNSone  Version  3. 
“The  installation  went  pretty  flawlessly’ says . 
Rob  McGee,  senior  network  security  engi- 
neer.“One  thing  1  like  is  the  new  interface.” 


An  early  customer  of  Infoblox,  First  Tech 
Credit  Union  recommends  taking  the 
appliance  approach  to  DNS  management. 

“A  few  years  ago,  we  were  using  an  old 
Windows  NT  box  for  our  primary  DNS  ser¬ 
vice,  and  we  had  nothing  but  trouble  with 
it  when  we  did  updates,  service  patches 
and  what  not.  It  was  very  unreliable,” 
McGee  says.  “The  device  Infoblox  sent  us 
was  an  early  model  —  right  out  of  the 
garage,  so  to  speak  —  but  it  easily  outper¬ 
formed  our  old  system  in  terms  of  uptime, 
reliability  and  ease  of  use.  Infoblox  has  had 
us  as  a  customer  since  then.  What  really 
keeps  us  coming  back  to  them  is  the  cus¬ 
tomer  support  they  offer!’ 

Infoblox  has  been  on  a  roll  lately  The 
Sunnyvale,  Calif.,  start-up  recently  closed  a 
$30  million  round  of  venture  capital 
financing,  bringing  the  total  investment,  up 
to  $65  million.  Last  fall,  Infoblox  hired 
Robert  Thomas,  former  CEO  of  NetScreen 
Technologies,  as  its  president  and  CEO. 

Infoblox  has  shipped  more  than  2,500 
appliances  and  has  more  than  500  corpo¬ 
rate  customers.lt  has  200  employees.  ■ 


Aventail  upgrade  controls  VPN  access 


Smart  Tunneling 


Aventail’s  Layer  3  tunneling  creates  a  network-layer  connection  but 
can  restrict  access  to  certain  applications. 


Q  Remote  user  connects  to 
Aventail  SSL  gateway  and 
downloads  a  Smart 
Tunneling  agent. 


V 


©  Ike  agent  and  gateway 
create  a  Layer  3  tunnel. 


©  The  gateway  controls 
what  applications  the 
remote  user  can  access. 
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■  BY  TIM  GREENE 

Aventail  this  week  is  upgrading  software 
for  its  SSL  VPN  appliances  with  features  that 
will  let  customers  set  policies  that  pare 
down  the  resources  remote  users  can 
reach. 

For  example,  Aventail’s  Smart  Tunneling 
policy  might  let  a  user  connecting  from  a 
corporate-issued  laptop  create  a  network- 
layer  tunnel  and  reach  all  LAN-attached 
corporate  resources.  But  if  that  user  con¬ 
nects  from  a  home  PC,  access  would  be 
restricted  to  e-mail  and  the  corporate 
intranet. 

The  software  runs  on  Aventail  SSL  VPN 
gateways  that  sit  between  corporate  net¬ 
works  and  the  Internet  to  support  remote 
access.  It  sets  up  Layer  3  tunnels  that  sup¬ 
port  virtually  all  applications,  whereas 
Layer  7  connections  that  SSL  supports 
natively  require  client  agents  or  port  map¬ 
ping  by  gateways  to  access  non-Web  appli¬ 
cations.  Some  customers  prefer  IPSec  as  a 
tunneling  technology  because  it  creates 
Layer  3  connections. 

Aventail  CEO  Evan  Kaplan  says  Smart 
Tunneling  can  fully  replace  remote-access 
IPSec  VPNs,  and  his  company  is  offering  a 
buyback  program  for  customers  with  Cisco 
and  Nortel  IPSec  VPN  gear  who  want  to 
switch  to  Aventail’s  SSL  boxes. 

The  new  software  supports  bidirectional 
policy  control,  meaning  businesses  can  set 
policies  about  whether  remote  machines 
can  be  accessed  by  devices  on  the  head¬ 
quarters  network  via  the  SSL  tunnel.  So  a 
policy  might  let  a  VoIP  call  reach  a  remote 


machine  via  the  tunnel  but  not  allow 
remote-control  connections  that  could 
take  over  the  remote  PC. 

The  upgrade  also  uses  technology 
called  Adaptive  Access  to  assign  remote 
machines  IP  addresses  for  their  SSL  ses¬ 
sions  that  won’t  overlap  with  private  IP 
addresses  in  the  networks  from  which 
they  are  connecting.  By  drawing  address¬ 
ing  information  from  the  network  inter¬ 
face  card  in  the  remote  device,  the 
Aventail  gear  generates  an  IP  address  for  it 
that  falls  outside  the  range  being  used 
locally  This  helps  prevent  resources  from 
becoming  unreachable  or  sessions  from 
dropping. 


“It  opens  up  a  tunnel  but  limits  the 
access  you  get  to  certain  applications 
depending  on  where  you  are,  what  band¬ 
width  you  have,  what  type  of  machine  you 
are  on,  things  like  that,”  says  Zeus 
Kerravala,  an  analyst  with  The  Yankee 
Group.  “Application  access  control  sits  on 
top  of  a  Layer  3  tunnel.” 

Competitors  Cisco  and  Juniper  can  set 
up  Layer  3  tunnels  with  their  SSL  gear  but 
require  passing  through  a  portal,  he  says. 
Aventail  allows  this  type  of  access  via  its 
portal  or  directly  he  says. 

The  upgrade  ships  standard  with  new 
Aventail  gear  and  is  a  free  upgrade  for  cus¬ 
tomers  with  service  contracts.  ■ 


SuperX  lO-GE  Switch  Family 

A  Unified  Architecture  for  Enterprise  and  Service  Provider  LAN  and  Metro  Infrastructures 


DENSITY  •  AFFORDABILITY  •  PERFORMANCE  •  CONVERGENCE  •  SECURITY 


FastIron"  SuperX 

High-Density  Edge 
and  Wiring  Closet 


Turbo l ron"'  SuperX 

lO-GE  Aggregation  and 
LAN/Metro  Core 


BIGIRON  SUPERX 


High-Performance  LAN  and 
Metro  Layer  3  Backbone 
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Wf  ith  the  performance  you  expect  from  Foundry — now  comes  the  price,  flexibility,  and  density  breakthrough  you’ve  been  waiting  for.  The  new 
SuperX  family  of  Layer  2/3  modular  switches  provides  the  industry’s  highest  Gigabit  Ethernet  and  10-GE  density  per  rack  and  the  lowest  10- 
GE  price  per  port  in  a  modular  switch.  The  SuperX  family  delivers  an  extensive  feature  set,  standards-based  Power-over-Ethernet,  support  for  full 
Layer  3  (including  OSPF  and  BGP4),  and  wire-speed  10-GE  solutions.  From  the  enterprise  to  the  service  provider  environment:  SuperX  is  the  right  choice! 


FastIron  SuperX 

•  EDGE  &  WIRING  CLOSET  SWITCH 

•  EXTENSIVE  QOS  AND 
SECURITY  FEATURES 

•  EASE  OF  UPGRADE  TO  POE 


TurboIron  SuperX 

•  lO-GE  AGGREGATION  AND  CORE  SWITCH 

•  PRE-CONFIGURED  WITH  16  lO-GE 
PORTS  PER  SWITCH 

•  INDUSTRY  LEADING  PRICE  OF 
LESS  THAN  $2,500/10-GE  PORT 


BigIrdn  SuperX 

•  ENTERPRISE  AND  METRO  L3 
BACKBONE  SWITCH 

•  HIGH-PERFORMANCE  LAYER  3 
ROUTING  PROCESSOR 

•  UP  TO  1  MILLION  ROUTES  AND 
200+  BGP  PEERS 


HIGH  DENSITY 

•  Up  to  204  Ports  GE-SFP  Mini-GBIC 

•  Up  to  204  Ports  10/100/1000 

•  Up  to  192  Ports  10/100/1000  PoE 

•  Up  to  16  Ports  10-GE 

High  Performance 

•  Wire- Speed  Every  Port 

•  Up  to  304  Mpps  Throughput 

•  510-Gbps  Switching  Capacity 

CONVERGENCE  READY 

•  Standards-Based  Power-over-Ethernet 

•  Purpose-Built  for  Data,  Voice  &  Video 

•  Integrated  Wired  &  Wireless  Support 

IRONSHIELD  SECURITY 

•  Wire-Speed  ACLs  &  Rate  Limiting 

•  Secure  Shell,  Secure  Copy,  SNMPv3 

•  DoS  Attack  Protection 

•  802.  lx  &  MAC  Authentication 
with  Dynamic  Policy 


APP  SERVERS 

FIBER  GIG  DISTRIBUTION  10/1  OO/I  ODD  AGGREGATION  GIG  AND  1  O-GE  DATA  CENTERS 
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FOUNDRY 

NETWORKS 

The  Power  of  Performance™ 


FOR  MORE  INFORMATION  PLEASE  CALL: 

US/CANADA  1  888  TURBOLAN, 

INTERNATIONAL  +1  408.586.1700 

OR  VISIT  OUR  WEBSITE  AT  WWW.FOUNDRYNET.COM/SX 

Foundry  Networks,  Inc.  is  a  leading  provider  of  high-performance  Enterprise  and  Service  Provider  switching,  routing  and 
Web  traffic  management  solutions  including  Layer  2/3  LAN  switches,  Layer  3  Backbone  switches,  Layer  4-7  Web  switches, 
wireless  LAN  and  access  points,  access  routers  and  Metro  routers. 
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continued  from  page  21 

vulnerabilities,”  says  Charles  Giancarlo, 
Cisco’s  CTO.  “We  were  the  first  vendor  to 
make  public  on  our  Web  site  all  of  the 
bugs  in  our  system.  We  do  the  same  thing 


for  our  vulnerabilities.” 

Regarding  10S,“it  is  a  large  code  base.  But 
the  quality  of  the  code  base  is  very  very 
good.  We  do  a  tremendous  amount  of  test¬ 
ing  for  vulnerabilities  inside  the  company 
he  says. 

Giancarlo  says  there  might  be  more  atten¬ 


tion  being  paid  to  Cisco  vulnerabilities 
now  than  in  the  past,  as  the  company 
moved  into  a  dominant  market  position 
and  raised  its  public  awareness  with  TV 
and  marketing  campaigns. 

“There  is  absolutely  no  question  we  are  a 
target,”  Giancarlo  says.  Cisco’s  network 


often  sees  attacks  on  its  Web  sites  or  inter¬ 
nal  network  double  after  one  of  the  firm’s 
TV  ads  airs  nationally  he  adds. 

Being  in  this  position,  with  such  a  wide 
installed  base,  also  helps  the  company  col¬ 
lect  data  on  new  kinds  of  network  attacks 
and  potential  vulnerabilities,  he  adds. 

But  the  task  of  strengthening  IOS  is  still  a 
work  in  progress,  others  say 

“IOS  has  had  a  number  of  these  kinds  of 
problems  in  the  past,”  says  Frank  Dzubeck, 
president  of  consultancy  Communications 
Network  Architects.“Cisco  would  quietly  fix 
them  and  not  make  a  big  deal  about  it. 
Now  you’re  starting  to  see  these  things 
come  more  regularly’ 

According  to  Cisco’s  Web  site,  10  advi¬ 
sories  have  been  published  this  year  so  far; 
27  were  published  last  year.  Twenty  were 
published  in  2003.  Overall  since  1996,  the 
number  of  published  security  advisories 
has  grown  by  an  average  of  five  per  year. 

“With  that  kind  of  a  situation, you  wonder 
how  many  other  holes  exist,”  Dzubeck  says. 
“The  question  now  is,  is  IOS  the  next 
Windows  in  terms  of  a  security  problem?” 

One  of  the  people  whose  job  it  is  to  pre¬ 
vent  this  from  happening  is  Jayshree  Ullal, 
senior  vice  president  and  general  manager 
of  Cisco’s  Security  Technology  Group, 
formed  in  July  2004  to  consolidate  all  Cisco 
security  development  efforts. 

Ullal  says  much  of  what  Cisco  is  doing 
now  in  terms  of  securing  IOS  is  playing 
catch-up  to  problems  for  which  IOS  was  not 
designed. 

“Five  or  10  years  ago,  we  didn’t  have  to 
worry  as  much  about  vulnerabilities  and 
attacks  and  the  kinds  of  issues  we’re  deal¬ 
ing  with  now/’ she  says.“A  lot  of  the  IOS  code 
that  was  written  was  written  without  inher¬ 
ent  awareness  to  vulnerabilities  or  attacks.” 

Although  it  has  always  been  Cisco’s  goal 
to  write  stable,  safe  IOS  software,  Ullal  says 
that  going  forward  there  will  be  a  specific 
attention  paid  to  potential  vulnerabilities 
and  attacks  in  IOS. 

“We  don’t  want  to  spend  the  rest  of  our 
lives  issuing  [security]  advisories,” she  says.  ■ 


Security 

continued  from  page  21 

organization  can  do  things,  how  they  are 
going  to  be  able  to  do  what  they  need  to 
do,  how  the  company  knows  the  rules  are 
being  followed  and  how  to  deal  with  any 
problems  or  exceptions.” 

To  do  that,  protocols  such  as  WS-Bolicy 
are  key  Bloomberg  says.  He  says  other 
emerging  protocols  such  as  WS-Notifica- 
tion  and  WS-Eventing  that  tie  into  WS- 
Security  also  figure  prominently 

IBM’s  Nadalin  says  the  goal  is  to  get  all 
the  WS-Security  protocol  extensions  to  a 
standards  body 

“It  is  not  the  intent  to  keep  [these  exten¬ 
sions]  to  ourselves,”  Nadalin  says.“It  is  not 
in  our  best  interest,  but  our  process  seems 
rather  lengthy  It  has  taken  longer  than  we 
originally  thought.  But  at  this  point,  1  think 
we  have  a  pretty  darn  good  foundation 
for  security’  ■ 


Enterprise  Applications  Soar 
for  Cathay  Pacific  Airways 


Without  Akamai,  there  is  no  way 
that  a  100 %  incr  ase  in  online 
bookings  would  have  occurred. " 
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Akamai  delivers  more  than  content.  We  deliver  improved  performs  ce  of  Cathay  Pa  :'s  dynamic 
online  applications,  allowing  passengers  and  agents  to  book  travel  and  check-in  for  reservatic  is 
online  with  ease.  We  deliver  hundreds  of  thousands  of  dollars  in  infrastructure  cost-savings,  enabling 
Cathay  Pacific  to  handle  increased  application  usage  without  investing  in  hardware.  Akamai  delivers 
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Array  TMX  Series 
Application  Front  Cnd 

Next-Generation  Load  8aloncing 
and  Traffic  Management 

Secure,  Accelerated 
Application  Delivery 

Highest  ROI  on  the  Market  Today 


Breakthrough  performance.  Massive  scalability. 

(larger  data  center  not  required) 


Let  Array  Networks  create  some  headroom  for  your  business- 
critical  applications.  Sure,  Array  is  trusted  by  four  of  the  world's 
top  ten  banks,  and  by  five  of  the  world's  top  ten  communications 
service  providers.  But  our  powerful  secure  access  and  application 
acceleration  solutions  grow  as  you  do.  With  Array  Networks, 
headroom  isn't  a  representation  of  how  small  you  are.  It's  a 


Array  SPX  Series 
Enterprise  SSL  VPN 

Enterprise-Class  Remote  Access 

8est  Performance  on  the  Market 
Today 

Scalable  to  Meet  Your  Needs 

Supports  and  Accelerates  All 
Applications 


measure  of  how  big  you  can  become. 
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A  lot  of  products  claim  to  reduce  the  complexity  and  cost  of  enterprise 
backup.  But  one  actually  delivers — the  Scalar®  i2000,  part  of  the  growing 
iPlatform™  family  from  ADIC,  the  leading  provider  of  tape  libraries  for 
open-systems  backup.  * 

Embedded  intelligence.  The  Scalar  i2000  is  the  first  library  to  integrate 
advanced  management  functions — proactive  monitoring,  built-in  partitioning, 
automated  diagnostics,  and  I/O  management — so  it  delivers  faster  and  more 
reliable  backup  and  uses  less  of  your  budget,  time,  and  staff. 

Faster  resolution,  fewer  service  calls.  Smarter  diagnostics  and  dedicated 
service  teams  mean  fewer  interruptions  and  faster  resolution.  The  Scalar 
i2000  requires  half  the  service  calls  of  conventional  libraries.  And  the 
worldwide  ADIC  service  team  solves  problems  before  customers  see  them. 

Capacity  on  demand.  As  its  name  suggests,  the  Scalar  i2000  is  designed  to 
scale  with  your  storage  needs.  So  you  don't  have  to  worry  about  running  out 
of  space  or  paying  for  more  than  you  need. 

After  all,  you  were  hired  to  use  your  brains  for  more  important  things. 

^Market  share  from  Gartner  Dataquest,  Tape  Automation  Systems  Market  Shares,  2003,  F.  Yale,  April  2004. 


Visit  www.adic.com/i2k  to  get  your  free  Aberdeen  Group  white  paper: 

Taking  an  Intelligent  Step  Forward  in  Tape  Backup  and  Restore. 
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Available  through  EMC  Corporation,  your  complete  source  for  information  lifecycle 
management  solutions.  Call  your  local  ADIC  or  EMC  sales  representative  for  more  information. 

Copyright  2005  Advanced  Digital  Information  Corporation  (ADIC),  Redmond,  WA,  USA.  All  rights  reserved.  Created  in  USA. 
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Novell  preps  Linux/NetWare  upgrade 


■  BY  ROBERT  MCMILLAN 

Just  one  month  after  shipping  its  merged 
Linux/NetWare  operating  system,  called 
Open  Enterprise  Server,  Novell  is  planning 
a  major  update  to  the  product,  scheduled 
to  be  released  by  the  first  half  of  2007. 

The  next  version,  code-named  Cypress, 
will  merge  a  future  version  of  NetWare  as 
well  as  Version  10  of  the  company’s  SuSE 
Linux  Enterprise  Server,  which  is  expected 
to  begin  shipping  in  the  first  half  of  2006. 

Cypress  is  particularly  important  to  Novell 
as  it  looks  to  move  to  a  Linux-based  prod¬ 
uct  line  as  a  means  of  remaining  viable  in 
the  market.  Novell’s  once-dominant  Net¬ 
Ware  operating  system  now  represents  just 
less  than  6%  of  worldwide  server  installa¬ 


tions,  according  to  IDC. 

Cypress  will  include  new  desktop  inte¬ 
gration,  Linux  clustering  and  storage  soft¬ 
ware,  as  well  as  tools  to  help  Windows  and 
NetWare  users  migrate  to  the  product. 

“You  can  think  of  it  as  a  vision  that’s  going 
to  drive  a  lot  of  things  that  we  will  be 
developing,” says  Hugo  Parra,  product  man¬ 
agement  lead  with  Novell’s  Platform 
Services  Group. 

While  OES  1 .0  was  designed  to  smooth  the 
Linux  transition  for  NetWare  users  by  pro¬ 
viding  them  with  familiar  tools  and  services 
on  a  Linux  kernel,  Cypress  will  be  focused 
on  attracting  Windows  users,  Parra  says. 

To  that  end,  it  will  include  migration  tools 
designed  to  help  users  move  from  Windows 
Web  e-mail  servers,  and  management  soft¬ 


ware  for  managing  Samba  file-and-print 
software  from  Novell’s  iManager  console. 

Cypress  also  will  include  better  Linux 
monitoring  and  management  tools,  im¬ 
proved  integration  between  the  Linux 
desktop  and  Cypress  identity  and  manage¬ 
ment  services,  and  Linux  support  for  the 
Novell  Storage  Services  file  system,  accord¬ 
ing  to  Novell’s  road  map. 

The  plan  calls  for  the  release  of  three  ser¬ 
vice  pack  updates  to  Open  Enterprise 
Server:  one  in  June;  a  second  in  February 
2006;  and  a  third  later  that  year.  The  releas¬ 
es  are  expected  to  be  made  in  conjunction 
with  upgrades  to  SuSE  Linux  Enterprise 
Server  9,  the  road  map  states. 

This  November,  Novell  plans  to  begin  sell¬ 
ing  a  version  of  Novell  Cluster  Services  for 


Linux  as  a  stand-alone  product.  At  the  same 
time,  it  plans  to  release  a  version  of 
Business  Continuance  Clustering  in  OES. 

The  most  important  job  ahead  for 
Novell  is  to  make  sure  that  its  NetWare 
services,  many  of  which  have  been  nomi¬ 
nally  ported  in  the  first  version  of  OES, 
run  as  smoothly  on  Linux  as  they  do  on 
NetWare,  says  Gary  Hein,  an  analyst  with 
Burton  Group. 

“Most  of  this  is  about  porting  over  to 
Linux  what  they  already  have,”  Hein  says. 
“It’s  one  thing  to  get  a  feature  from  NetWare 
to  Linux.  It’s  another  thing  to  get  it  there 
correctly  and  optimized.” 

McMillan  is  a  correspondent  with  the  IDG 
News  Service. 


Consortium  seeks  to  make  grids 
more  enterprise  network  ready 


■  Sepaton  announced  last  week  an 
enhanced  version  of  its  virtual  tape 
library  appliance,  which  lets  compa¬ 
nies  back  up  data  to  disk  as  if  it  were 
tape.  The  Sepaton  S2100-ES2  includes 
the  ability  to  back  up  data  at  up  to 
4.3T  byte/hour  and  to  scale  from  3T 
bytes  to  more  than  IP  byte  of  storage. 
Sepaton’s  previous  appliance  topped 
out  at  200T  bytes.  The  S2100-ES2  also 
allows  data  to  be  moved  from  one  vir¬ 
tual  library  to  another  and  for  data  to 
be  compressed  according  to  rules  the 
IT  administrator  sets.  The  S2100-ES2 
now  emulates  four  times  as  many 
tape  libraries  —  previously  it  emulat¬ 
ed  only  16  libraries  from  StorageTek, 
Quantum,  ADIC  and  IBM,  among  oth¬ 
ers.  The  Sepaton  S2100-ES2  starts  at 
less  than  $60,000. 

■  NSI  Software,  a  maker  of  high 
availability  and  data-replication  soft¬ 
ware,  has  named  Dean  Goodermote 
as  CEO.  He  replaces  Don  Beeler, 
who  is  stepping  down  after  serving 
as  CEO  since  the  privately  held  com¬ 
pany’s  launch  in  1991.  Goodermote 
had  been  CEO  of  Clinsoft  and 
Process  Software,  and  had  been 
chairman  and  president  of  MRO 
Software. 


■  BY  JENNIFER  MEARS 

A  consortium  led  by  HP  IBM  and  others 
to  promote  commercial  adoption  of  an 
open  source-based  grid  computing  tool  kit 
says  a  new  version  of  the  software  will 
make  it  easier  for  companies  to  roll  out  dis¬ 
tributed  computing  environments. 

Grid  computing  has  been  moving  be 
yond  its  academic  and  scientific  roots  as 
enterprise  network  operators  recognize 
that  distributing  workloads  can  result  in 
better  hardware  utilization.  But  in  many 
cases  issues  such  as  lack  of  standards, 
questions  about  security  and  complexity 
have  held  up  deployments. 

The  Globus  Consortium  says  the  revised 
Globus  Toolkit,  which  incorporates  more 
Web  services  standards  and  new  security 
and  authorization  features,  is  designed  to 
address  such  issues.  It  can  be  downloaded 
at  www.globustoolkit.org. 

The  Globus  Alliance,  which  owns  the  tool 
kit  and  leads  development  work  around  it, 
began  the  move  to  bring  Web  services  stan¬ 
dards  into  the  framework  with  the  GT3 
release  about  18  months  ago. 

“But  GT3  was  far  from  enterprise-ready.  It 
was  a  first,  a  prototype  of  how  one  might 
apply  Web  services,”  says  lan  Foster,  a 
board  member  of  the  Globus  Alliance  and 
associate  director  of  the  mathematics  and 
computer  science  division  of  Argonne 


Standardizing  grids 

The  Globus  Toolkit  is  a  package  of 
standards-based  software 
services  and  libraries  that  can  be 
used  together  or  separately  to 
deploy  grids.  It  includes  tools  for: 


•  Resource  allocation,  monitoring  and 
management 

•  Security,  including  single  sign-on 
authentication  and  access  rights. 


•  Data  discovery  and  management. 

•  Data  access  and  portability. 


Communication  among 
heterogeneous  environments. 


Fault  detection. 


National  Laboratory,  where  the  alliance  is 
partly  based. 

Among  the  Web  service  standards  avail¬ 
able  in  GT4  are  Web  Services  Interoper¬ 
ability  to  ensure  that  heterogeneous  envi¬ 
ronments  work  together;  Web  Services 
Security,  including  Security  Markup  Lan¬ 
guage  and  Extensible  Access  Control 
Markup  Language;  and  Web  Services  Relia¬ 
bility  and  Web  Services  Resource  Frame¬ 


work  specifications  to  enable  grid  re¬ 
sources  to  be  managed  and  shared  in  a 
Web  services  environment. 

“In  the  past,  things  were  very  proprietary 
Everybody  invented  his  own  specific,  low- 
level  implementation  so  that  resources 
could  talk  to  each  other,”  says  Wolfgang 
Gentzsch,  managing  director  of  grid  and 
networking  services  at  MCNC,  a  private 
nonprofit  established  to  foster  technology- 
led  economic  development  and  job  cre¬ 
ation  throughout  North  Carolina. “Now  it’s 
standardized.” 

MCNC,  in  Research  Triangle  Park,  N.C., 
conducted  test  bed  work  with  GT4  and 
found  it  to  be  more  solid  and  easier  to 
implement  than  previous  versions.  “GT2 
took  a  couple  of  months  to  install  and  have 
up  and  running.  It  took  us  two  days  to  get 
GT4  up,”  he  says.  “There’s  a  real  nice 
improvement  in  user-friendliness.” 

In  addition,  with  the  tool  kit  being  based 
on  widely  accepted  and  tested  Web  ser¬ 
vices  standards,  customers  are  not  trapped 
into  proprietary  offerings.  Globus  tool  kit- 
based  products  are  available  from  major 
systems  vendors  such  as  HP1BM  and  Sun. 

“Now  if  there  is  a  component  the  cus¬ 
tomer  doesn’t  need  anymore  or  which  he 
is  not  satisfied  with,  or  doesn’t  like  any¬ 
more,  he  can  just  get  rid  of  it  and  plug  in 
another  one  and  —  ideally  at  least  —  it 
works,”  Gentzsch  says.  ■ 
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Apple:  Predator  or  protagonist? 


The  big  news  last  week  on  the  PC  front, 
at  least  according  to  the  general 
press,  was  the  release  of  a  new  version 
of  the  Macintosh  operating  system  —  the 
one  that’s  been  touted  by  the  code  name 


Tiger,  as  in  the  hypothetical  headline  “Apple 
unleashes  Tiger  to  roam  the  streets  of 
Redmond.” 

“We’re  leading  the  operating  system  race 
and  others  are  following  our  taillights,” 


I  convinced  my  boss  to  get 
this  big  honkin’  collaboration 
infrastructure  only  a  genius 
like  me  could  ever  use. 
Check  it  out  on  my  blog 
at  www.frankwillis.com 


-  Frank  Willis 


Apple’s  Steve  Jobs  says.  I  guess  it  all  de¬ 
pends  on  how  you  keep  scoreTo  put  it  into 
perspective,  Apple  could  double  or  triple 
its  installed  base  and  still  be  little  more 
than  a  tiny  blip  on  the  operating  system 
radar.  Microsoft  still  would  control  the  CPU 
on  more  than  90%  of  the  PCs  in  the  world. 

This  is  Apple’s  fourth  release  in  five  years 
—  and  the  company  seems  proud  of  that 
fact.  It’s  like  a  throwback  to  the  days  where 
competitors  were  judged  based  on  which 
had  the  bigger  version  number  (for  exam¬ 
ple,  “New  AOL  5.79!”).  But  what,  exactly  is 
new,  different  or  revolutionary  in  the  new 
operating  system? 

Last  week’s  San  Jose  Mercury  News  (see 
www.networkworld.com,  DocFinder:  6935) 
said:  “It  is  the  first  operating  system  to  in¬ 
corporate  and  expand  upon  the  intensive 
hard-drive  search  popularized  by  Google.  It 
also  fetches  the  kind  of  up-to-the-minute 
stock,  weather  and  flight  information  typi¬ 
cally  found  on  Web  sites  like  Yahoo.  Apple 
even  improved  on  RSS  news  and  blog 
feeds  and  integrates  them  into  its  Safari 
Web  browser? 

These  are  the  highlights,  the  things  that, 
the  story  says, “make  Tiger  innovative,  rather 
than  merely  iterative.”  But  there’s  nothing  in 
that  list  that  I  can’t  (and  don’t)  do  today 
from  my  Windows  2000  desktop,  never¬ 
mind  what  you  can  do  with  Windows  XP 
Pro  on  your  PC.This  is  all  evolutionary  not 
revolutionary 

It  appears  that  what  Apple  has  done  is  to 
take  meaningful,  desirable  third-party  ser¬ 
vices  and  applications  and  “roll  their  own" 
inside  the  operating  system,  thus  present¬ 
ing  users  with  a  fuller  package  of  features. 
Of  course,  the  third  parties  that  had  been 
providing  these  services  as  add-ons  now 
are  left  out  in  the  cold. 

When  Microsoft  does  this,  it’s  de¬ 
nounced  as  a  predator  and  a  monopolist. 
When  Apple  does  it,  it’s  praised  as  an  inno¬ 
vator.  Still,  if  Microsoft  didn’t  have  Apple  to 
point  to  as  “competition,”  there  might  be 
more  calls  for  government  regulation  of 
monopoly  operating  systems.  We  certainly 
don’t  want  government  bureaucrats 
designing  our  server  and  desktop  envi¬ 
ronments. 


Ipswitch  Collaboration  Suite,  the  solution  for  small 
and  mid-sized  business  collaboration  that  just  works. 
Use  Microsoft®Outlook®  or  your  browser  to  connect 
to  a  powerful  industry-leading  messaging  server.  Communicate  in  real  time  with  anyone 
in  your  company  using  secure  instant  messaging.  Streamline  group  collaboration  with 
shared  calendars  and  free-busy  meeting  scheduling.  Reduce  junk  e-mail  and  stop 
viruses.  All  this,  and  Ipswitch  Collaboration  Suite  is  easy  to  install,  manage  and  use. 
Play  it  “safe"  like  Frank.  Or  be  smart.  Go  to  www. i pswitch , com  and  find  success 
with  Ipswitch  Collaboration  Suite. 


IPSWITCH" 


Collaboration  Suite 


■  Smart 


■  Proven 


■  Reliable 


■  60  million 

mailboxes  worldwide 


i  pswi  r c  h 


www.ipswitch.com  or  call  800-793- 


©2005  Ipswitch,  Inc.  All  product  names  are  the  property  of  their  respective  owners. 


Kearns,  a  former  network  administrator,  is 
a  freelance  writer  and  consultant  in  Silicon 
Valley.  He  can  be  reached  at  wired @ 
vquill.com. 


Tip  of  the  Week 


nuwp  To  see  what  happens  when 

sS#ass  8  government  bureaucrats 

do  get  involved  in  designing 
computer  environments, 
read  the  history  of  the  ADA 
programming  language 
(DocFinder:  6936)  and  pay 
attention  to  the  timelines. 


THE  CEO  IS  WATCHING. 
THE  BOARD  IS  W  CHING. 
EVERYONE  IS  WATCHING 


With  so  much  riding  i  yo  ir  high  profile  IT  projects,  you  can’t 
afford  to  overlook  testing.  IT  failures  strike  at  the  worst  ti me,  you  never 
See  them:  coming,  and:  the  consequences  are  often  devastating.  And  a  highly 
visible  failure  wilt  undermine  your  company’s  credibility.  Not  to  mention  your 
credibility.  Luckily,  Spirent  can  help.  Our  network  testing  solutions  allow  you  to 
test  your  voice,  video,  and  data  applications  before  you  deploy  them..  You  can 
mini;  \  the  chance  of  failure.  You  can  isolate  security  vulnerabilities.  And  you 
can.  n-Ls<>. reduce  operating  costs.  Download  our  revealing  white  paper  online  at 
www.spirentcom.com/strategiclT  or  call  1-800-927-2660. 

Analyze  Assure  Accelerate 
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Unix  not  standing  pat  in  data  centers 


BY  JENNIFER  MEARS 


Alpine  Electronics, probably  best  known  for  its 

booming  car  stereos,  got  a  bang  of  its  own  when  it 
moved  its  ERP  environment  to  IBM  pSeries  Unix 
servers  that  enable  the  electronics  manufacturer  to 
dynamically  allocate  workloads  and  get  more  out  of  its 
systems. 

Vasile  Giulea,  IS  manager  at  the  firm  in  Torrance,  Calif., 
says  he’s  cut  costs  by  about  20%  by  consolidating  onto 
the  Unix  servers.  It’s  a  project  that  started  in  2003  when 
the  company  decided  to  move  from  HP-UX  boxes  run¬ 
ning  Oracle  applications  to  the  pSeries  servers  running 
applications  from  SAP 

Giulea  says  the  major  reason  is  that  IBM’s  AIX  operat¬ 
ing  system  provided  enhanced  partitioning  capabilities 
that  let  him  run  isolated  development,  quality  control 
and  production  instances  on  the  same  server,  but  allo¬ 
cate  server  resources  on  the  fly. 

“We  had  a  requirement  for  power  on  demand,  mean¬ 
ing  that  we  could  change  the  CPU  and  the  memory 
based  on  the  need.  So,  for  example,  if  we  are  at  month’s 
end  and  we  have  a  heavy  process,  we  can  take  the 
memory  and  CPU  from  development  or  quality  control” 
and  add  it  to  the  production  instance,  he  says.“IBM  at 
that  time  was  the  leader  in  this  technology’ 

With  those  capabilities,  Giulea  was  able  to  consolidate 
his  ERP  environment  on  fewer  servers,  which  resulted 
in  reduced  management  demands  and  lower  licensing 
costs,  he  says. 

In  growing  numbers,  businesses  are  looking  at  increas¬ 
ingly  sophisticated  Unix  operating  systems  as  an  ideal 


II  Mainframes  have  a  very  high 
level  of  automation  and  workload 
management  and  the  Unix  system 
is  getting  very  close  to  that.  1 1 

Dan  Olds 

Principal,  Gabriel  Consulting  Group 


platform  for  consolidating  critical  workloads.  While 
Windows  and  Linux  nip  at  Unix’s  heels,  Unix  has  matured 
to  the  point  where  it  is  able  to  handle  workloads  in  a 
manner  once  restricted  to  mainframe  environments. 

“Mainframes  have  a  very  high  level  of  automation  and 
workload  management  and  the  Unix  system  is  getting 
very  close  to  that,”  says  Dan  Olds,  principal  at  Gabriel 
Consulting  Group. 

Since  2003,  rival  Unix  vendors  HP  and  Sun  have  added 
logical  partitioning  capabilities  similar  to  what  drew 
Giulea  to  IBM's  AIX.  And  Unix  innovation  continues. 

IBM,  for  example,  last  summer  introduced  sub-CPU 
partitioning  in  its  AIX  5.3  release,  enabling  users  to  slice 
a  CPU  into  as  many  as  10  partitions.  Previously  parti¬ 
tions  could  only  be  as  small  as  one  CPU.  HP  plans  to 
add  sub-CPU  capabilities  for  HP-UX  on  Integrity  servers 
in  the  second  half  of  this  year,  says  Mary  Ellen 


Useful  Unix 

A  Gabriel  Consulting  Group  survey  of  150  large 
organizations  found  that  41%  have  consolidated 
key  business  applications  on  Unix  and  are  seeing 
benefits  as ;  result: 


Nearly  75%  report  higher  utilization  rates. 

Almost  95%  have  seen  lower  overall  hardware 
requirements. 

More  than  80%  say  consolidation  makes  it  easier 
to  manage  service-level  agreements. 

About  75%  say  consolidation  has  streamlined 
server  management. 


Lewandowski,  HP-UX  marketing  manager  for  business- 
critical  servers  at  HP 

In  Solaris  10,  released  earlier  this  year,  Sun  added 
Solaris  Containers,  enabling  users  to  isolate  software 
partitions  all  running  under  a  single  instance  of  the 
operating  system. 

Workload  management 

Across  the  board,  Unix  vendors  are  looking  not  only  at 
how  to  slice  up  the  Unix  systems  but  also  how  to 
improve  workload  management  so  that  users  can  get 
more  out  of  their  hardware. 

In  the  past,  customers  typically  would  run  just  one 
critical  business  application  per  Unix  server.  However, 
Unix  vendors  are  making  their  operating  systems  per¬ 
form  better,  when  it  comes  to  running  multiple  critical 
applications  —  improving  virtualization,  and  partition¬ 
ing  and  enabling  automated  system  and  workload 
management. 

As  a  result,  business  customers  are  finding  that  Big  Iron 
Unix  systems  are  a  perfect  platform  for  consolidation. 

“If  you  read  the  conventional  wisdom  it  has  said  that 
Unix  servers,  particularly  big  Unix  servers,  are  these  old 
expensive  dinosaurs  and  they’re  going  to  be  supplanted 
by  huge  numbers  of  really  small  servers  running  Win¬ 
dows  or  Linux,"  Olds  says.“It’s  not  the  case.” 

A  study  that  Olds  conducted  of  150  Unix  customers 
late  last  year  found  that  41%  are  taking  advantage  of  the 
stepped-up  capabilities  in  Unix  to  consolidate  onto  the 
powerful  boxes. 

As  a  result,  customers  are  able  to  run  their  systems  at 
higher  utilization  rates  and  are  seeing  cost  savings 
because  they  have  to  buy  less  hardware  and  therefore 
have  fewer  servers  to  manage,  Olds  says. 

“What  has  changed  in  the  last  few  years  or  so  is  that 
the  operating  system  has  gotten  a  whole  heck  of  a  lot 
better  at  doing  workload  management  and  vendors 
have  come  up  with  better  ways  to  slice  up  these 
machines,”  he  says. 

Connectivity  product  manufacturer  Belkin,  for  exam¬ 
ple,  was  able  to  consolidate  1 1  Sun  servers  onto  one  HP 
Superdome,  thanks  to  the  enhanced  capabilities  in  HP- 
UX,  says  John  Adcock,  network  services  manager  at  the 
Compton,  Calif.,  company. 


“The  framework  of  Sun’s  architecture  produced  the 
‘one  application,  one  server’  production  environment 
for  risk  mitigation,” he  says.“By  utilizing  HP-UX  lli  and 
partitioning  using  virtual  server  environment  on  the 
Superdome,  your  options  are  virtually  unlimited.” 

Adcock  says  he  uses  a  combination  of  nPar,  hard  par¬ 
tition  at  the  cell-board  level,  and  vPar,  soft  partitions  that 
can  exist  within  nPars  and  HP’s  instant  capacity  on 
demand  to  ensure  that  the  applications  residing  on  the 
Superdome  get  the  power  they  need  when  they  need  it. 

“I  sleep  well  at  night,”  he  says.“The  performance  and 
reliability  of  the  HP  9000  Superdome  running  HP-UX 
lli  and  partitioning  using  virtual  server  environment 

. . .  become  a  panacea _ I  have  never  lamented  my 

decision.” 

Analysts  say  it  is  features  such  as  detailed  partitioning 
and  workload  management  that  will  keep  Unix  systems 
relevant  in  data  centers  even  as  Windows  and  Linux 
mature. 

“Software  tools  like  workload  management,  capacity 
on  demand,  dynamic  provisioning  tools  and  partition¬ 
ing  tools  —  all  these  kinds  of  things  are  far  more 
mature  on  Unix  today  than  they  are  on  the  Windows  or 
Linux,”  says  Andrew  Butler,  vice  president  and  distin¬ 
guished  analyst,  server  technologies,  at  Gartner. 

“But  that’s  not  set  to  stay  that  way  forevermore,”  he 
says.“By  the  end  of  this  decade  you’ll  be  able  to  do 
things  with  Unix  that  you  can’t  do  with  Windows  and 
Linux,  but,  frankly  very,  very  little.” 

Unix's  future 

Unix  had  its  heyday  in  the  late  1990s  and  early  2000s, 
but  the  dot-com  bust  coupled  with  the  slowing  econo¬ 
my  forced  IT  managers  to  be  more  cost  conscious, 
which  resulted  in  a  downturn  in  the  Unix  market.  While 
Unix  accounted  for  41%  of  the  market  in  2001,  it  gar¬ 
nered  just  34%  in  2004,  which  dropped  it  to  the  No.  2 
position,  behind  Windows,  for  the  first  time.  Gartner  pre¬ 
dicts  that  Unix  will  hold  a  29%  share  in  2008  and 
Windows  will  increase  its  market  size  to  nearly  40%. 
Meanwhile,  Linux  is  expected  to  grow  from  just  less 
than  3%  in  2001  to  more  than  15%  in  2008. 

But  don’t  expect  Unix  systems  to  disappear,  analysts 
say  Pricing  pressures  in  the  market  have  resulted  in 
revenue  declines,  which  is  good  news  for  customers 
looking  to  use  the  powerful  features  in  Unix  to  consol¬ 
idate  distributed  workloads.  Unix  is  still  a  $20  billion 
market. 

“Unix  has  definitely  taken  a  bad  rap  because  Unix 
RISC  servers  were  seen  as  being  too  expensive.  But 
price  points  have  come  down,”  says  Jean  Bozman.vice 
president  of  global  enterprise  server  solutions  at  IDC. 
“We  still  see  substantial  shipments.”  ■ 


Read  Jennifer  Mears’  report  on  IBM's 
compact,  low-end  Unix  box  based  on 
the  Powerb  processor. 
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Intel®  Xeon™  Processor  power,  more  expandability  and  more  manageability.  For  less  money.  The  HP  ProLiant  ML150  G2  gives  you  the  power  and 
reliability  you  need  now  with  room  to  grow  as  your  business  grows.  It  has  dual  Xeon™  Processor  capability  and  hot-pluggable  SATA  or  SCSI  drives 
that  can  be  replaced  without  powering  down.  There's  even  room  for  up  to  eight  gigabytes  of  ECC  memory  for  added  reliability  and  six  I/O  cards  for 
maximum  flexibility.  Try  to  get  that  level  of  expandability  from  our  competitors  at  this  price.  And  only  HP  offers  a  remote  management  option  with  its 
Lights-Out  100  Card.  Add  a  DAT  72  tape  drive,  and  your  compliance  and  backup  issues  are  addressed— more  securely  and  affordably.  These  are  just 
two  HP  Smart  Office  Solutions  that  give  you  more  expertise,  technology,  more  service  and  more  support.  To  get  more  without  paying  more,  run  over  to  HP. 


Save  up  to  $203 


HP  ProLiant  ML150  SERVER 

$925 

•  Intel®  Xeon™  Processor  (3GHz 
Dual-Processor  Capable)2 

•  512MB  PC2700  DDR  ECC  SDRAM 

•  Broadcom  5721  PCI-Express  Gigabit  NIC 
(embedded) 

•  4  Port  SATA  Adapter  in  a  PCI  slot(optional  SATA 
RAID  Controller  available) 

•  80GB  SATA  Hard  Disc  Drive  (Hot-Plug 
Capable)5 

•  48X  IDE  CD  ROM  Drive,  floppy  drive4 

•  5U  Tower  Chassis 

•  Hardware  limited  warranty,  1-year  parts,  1-year 
labor,  1 -year  on-site  support3 


Add  secure  backup. 


HP  Storage  Works 
DAT  72  TAPE  DRIVE 

-  72GB  (using  2:1  compression)  on  a  single  cartridge 

-  21.6GB/hr.  maximum  transfer  rate  (compressed) 

-  Reads  and  writes  DAT  72,  DDS-4  and  DDS-3  media 

-  Includes  One-Button  Disaster  Recovery  for  quick 
service  restores 

$799 

$100  instant  savings 

($899  -  $100  instant  savings  =  $799)* 


invent 


MORE  ADVICE 


MORE  TECHNOLOGY 


Save  even  more  with  HP  Smart  Buys. 

See  our  site  below  for  more  choices  and  more  savings. 


CALL 

1-888-277-9608 

CLICK 

www.hp.com/go/ML150mag8 

VISIT 

your  local  HP  reseller 

[ 

I 

i 

i 

■i 


Prices  shown  are  HP  Direct  prices;  reseller  and  retail  prices  may  vary.  Prices  shown  are  subject  to  change  and  do  not  include  applicable  state  and  local  taxes  or  shipping  to  recipient's  address.  Offers  cannot  be  combined  with  any  other  offer  or  discount,  are  good  while  supplies  last 
and  are  available  from  HP  Direct  and  participating  HP  resellers.  All  featured  offers  available  in  U.S.  only.  1 .  Savings  based  on  HP  published  list  price  of  configure-to-order  equivalent.  2.  Intel’s  numbering  is  not  a  measurement  of  higher  performance.  3.  Certain  warranty  restrictions 
and  exclusions  may  apply.  For  complete  warranty  details,  call  1-800-345-1518  (U.S.).  4. 48X  Max  CD-ROM  Drive  data  transfer  rates  vary  from  6,750  Kbps  to  7,800  Kbps.  5.  For  hard  drives,  GB=billion  bytes.  6.  $100  instant  savings  offer  valid  on  qualifying  HP  StorageWorks 
DAT  72  tape  drives  only  through  6/30/05.  Intel,  Intel  Inside,  the  Intel  Inside  Logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©2005  Hewlett-Packard  Development  Company,  L.P. 
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Premium  Sponsors: 
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SPECTRUM*  POWERED  SOLUTIONS 


a 

Computer  Associates" 
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Oblicore 

Remedy* 


Winning  the  IT  Services  Game? 

You  know  that  you  need  to  address  IT  Service  Levels.  Take  the  first  step  to  winning 
the  confidence  of  your  end  users.  Log-on  to  www.enterprisemanagement.com  to 
purchase  your  copy  of  SLM  Solutions:  A  Buyer's  Guide,  3rd  Edition.  Inside  you’ll  find 
unbiased  profiles  of  more  than  70  Service  Level  Management  solutions.  Plus,  advice 
from  the  trusted  leader  in  Service  Level  Management  on  how  to  evaluate,  select  and 
deploy  an  SLM  solution. 


IT  professionals,  be  sure  to  catch  EMA’s  SLM  Market  Update  and  Primer  Webinar 
to  learn  about  the  latest  trends  in  SLM  vendor  solutions,  and  some  SLM  basics  too! 
Details  and  registration  information  can  be  found  on  www.enterprisemanagement.com. 


Your  Score:  1 00%  Satisfied  End  Users 


ENTERPRISE  MANAGEMENT 

ASSOCIATES 


_ 
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NETWORK  EXCELLENCE 


k _ 

J-Series  &  JUNOS,  Always  Performance  Perfection. 

Are  you  sinking  in  a  patchwork  of  network  complexity?  Can  you  count  on  your 
network  to  deliver  the  security  and  predictability  that  your  business  needs  to 
move  to  VoIP  or  to  run  networked  ERP  applications?  Or  to  gain  the  flexibility  and 
cost  advantages  of  moving  remote  and  branch  office  connections  from  leased 
line  to  IPSec  VPN? 


Simply  leave  the  Status  Quo  for  unprecedented  simplicity,  predictability  and  platform 
independence:  Juniper’s  J-series.  The  J-series,  and  our  modular  JUNOS  operating  system, 
is  perfect  for  extended  and  distributed  enterprises  with  business-critical  application  - 
ensuring  superior  security  and  quality  over  a  converged  IP  network.  Now  forward-thinking 
enterprises,  government  organizations  and  research  &  education  groups  have  a  better 
alternative  in  forward-looking  platforms: 

•  Superior  Security:  Dedicated  resources  offer  the  most  advanced  defense  from  outside 
threats  while  giving  you  complete  control,  even  under  attack.  Add  new  filters  and 
policies  directly,  quickly,  easily. 

•  Unprecedented  Uptime:  JUNOS  architecture  allows  multiple  functions  to  run 
independently,  keeping  minor  issues  from  becoming  major  problems.  And  keeping 
enterprises  (and  network  managers)  secure  -  in  fact,  just  hit  “rescue"  for  speedy 
system  recovery.  What’s  more,  our  next-generation  CLI  means  accurate  configuration. 
Legacy  “routers”  can  only  wish  for  parallel  multi-function  excellence. 

•  Performance  Predictability.  Congestiorvending  architecture  ensures  the  most  important 
applications  receive  top  resource  priority,  so  you 
maintain  incredible  control  and  throughput  during 
the  most  demanding  times. 

•  Reduced  Operational  Complexity  &  Costs:  Our 
clean-code  configuration  and  consistent  release 
schedules  require  minimal  effort  to  set  up  and 
maintain  -  no  wasted  time  on  constant  patches 
and  upgrades. 


►  SPECIFICATIONS 


Platform 

J2300 

J4300 

J6300 

Size 

1U 

2U 

2U 

Site  Connections 

2xTl/El/Serial 

2XT1/El/Serial 
to  BxTl/El 

2xTl/El/Serial 
to  DS3 

Fixed  LAN  Ports 

2xFE 

2xFE 

2xFE 

WAN  Interface  Slots 

n/a 

6  Open  Slots 

6  Open  Slots 

Fixed  WAN  Interfaces 

2xTl  or  2xEl  or  2xSerial 

n/a 

n/a 

WAN  Interface 

Modules 

n/a 

2xTl/2xEl/ 

2xSerial/2xFE 

2xTl/2xEl/ 

2xSerial/2xFE/DS3 

Memory 

256  or  512  MB  DRAM 

256  or  512  MB  DRAM 

256/512/1024  MB  DRAM 

Redundancy 

No 

No 

Power 

Additional  Software 
Licenses 

Stateful  Firewall,  IPSec, 
J-Flow  Accounting, 

BGP  Route  Reflector 

Stateful  Firewall,  IPSec, 
J-Flow  Accounting, 

BGP  Route  Reflector 

Stateful  Firewall,  IPSec, 
J-Flow  Accounting, 

BGP  Route  Reflector 

t  CARRIER-CLASS  PERFORMANCE  &  SECURITY,  READY  FOR  YOU. 

Tired  of  old  answers?  Take  a  look  at  the  future:  www.juniper.net/products/jseries/ 

www.juniper.net 

888-JUNSPER  (888-586-4737) 
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IBM  has  some  tall  RFID  plans 


Sensing  opportunity 

Platform  veteran  IBM  is  building  out  its  multi-tiered  RFID  offerings  with 
an  eye  toward  enterprise  scalability. 

Challenges  Opportunities 

Less  specialized  experience  than  some 
RFID  start-ups. 

Current  portfolio  of  management, 
integration  and  development  software. 

So  far,  fewer  big-name  pilots  to  reference. 

Accustomed  to  enterprise-class 
scalability  and  reliability  requirements. 

: 

Need  to  preserve  partnerships  with  RFID 
specialists  while  increasingly  competing 
with  them. 

Services  tie-in. 

.  ‘  .  \  v.  ‘  :  ^  1 ; 

■  Macromedia  last  week  released 
Version  5.0  of  Breeze,  an  online  con¬ 
ferencing  and  collaboration  platform 
that  uses  the  company's  Flash  format 
to  support  virtual  meetings  and  train¬ 
ing.  Breeze  5.0  includes  a  new  Events 
application  for  managing  large  online 
seminars  and  events.  Breeze  also  has 
multi-course  curriculum  management, 
full-screen  video,  and  enhanced  track¬ 
ing  and  reporting  features  along  with 
new  question  and  quiz  types.  The 
Breeze  server  runs  on  Windows 
Server  2000  and  2003  and  costs 
$25,000. 

■  Managed  Objects  recently  intro¬ 
duced  two  products  designed  to  help 
customers  discover  applications  and 
better  configure  IT  resources  to  sup¬ 
port  business  applications.  The  com¬ 
pany  licensed  nLayers'  application- 
discovery  appliance  to  offer  its  cus¬ 
tomers  Business  Technology 
Insight,  which  discovers  applica¬ 
tions  and  their  interdependencies  on 
other  IT  resources,  such  as  servers 
and  databases.  Managed  Objects 
also  unveiled  its  Business  Service 
Configuration  Management 
software,  which  pulls  asset,  change 
and  configuration  data  from  multiple 
IT  components  and  stores  it  in  a 
configuration  management  data¬ 
base.  The  database  helps  IT  man¬ 
agers  understand  how  applications 
come  together  to  deliver  business 
services,  and  the  software  can  moni¬ 
tor  those  application  flows  to  ensure 
preset  service  levels  are  met.  BTI  is 
an  optional  appliance  and  costs 
$150,000.  Pricing  for  BSCM  starts  at 
$220,000. 

■  The  next  version  of  Windows  will 
include  a  new  document  format,  code- 
named  Metro,  to  print  and  share  doc¬ 
uments,  Microsoft  said  last  week. 
Metro  appears  to  rival  Adobe's  Post¬ 
Script  and  PDF  technologies.  The  for¬ 
mat,  based  on  XML,  will  be  licensed 
royalty-free,  and  users  will  be  able  to 
open  Metro  files  without  a  special 
client.  In  a  demonstration,  a  Metro  file 
was  opened  and  printed  from  Internet 
Explorer. 


■  BY  ANN  BEDNARZ 

IBM  is  ramping  up  its  efforts  to  compete 
in  the  emerging  market  for  products  that 
communicate  environmental  data  to  IT 
systems  for  analysis  —  which  Big  Blue 
says  could  represent  a  $20  billion  oppor¬ 
tunity  by  2007. 

These  days  there’s  a  spotlight  on  radio  fre¬ 
quency  identification  (RFID)  technology 
thanks  to  adoption  mandates  from  retail¬ 
ers  such  as  Wal-Mart,  Best  Buy  and 
Albertsons  that  are  working  to  incorporate 
the  wireless  tracking  technology  into  their 
supply  chains.  But  RFID  isn’t  the  only  sen¬ 
sor-based  technology  in  play  says  Ann 
Breidenbach,  director  of  product  line  man¬ 
agement  and  business  strategy  for  IBM’s 
newly  formed  Sensors  and  Actuators  busi¬ 
ness  unit. 

Defined  broadly,  sensors  are  devices, 
such  as  thermometers  and  pressure 
gauges,  which  detect  conditions  in  the 
physical  world.  Actuators  receive  electri¬ 
cal  signals  from  sensors  and  execute  an 
action  —  such  as  a  valve  or  a  switch  that 
shuts  itself  off  or  makes  an  adjustment. 

For  decades,  sensors  and  actuators 


■  BY  JORIS  EVERS  AND  JOHN  BLAU 

SAP  and  Microsoft  later  this  year  plan  to 
deliver  a  jointly  developed  product  that 
links  SAP’s  software  and  Microsoft’s  Office 
products,  giving  users  a  familiar  user  inter¬ 
face  to  more  complex  ERP  applications. 

Code-named  Mendocino,  it  is  the  first 
joint  product  from  SAP  and  Microsoft  and 
stems  from  an  agreement  that  SAP  and 
Microsoft  struck  last  year  to  integrate 
their  respective  NetWeaver  and  .Net  soft¬ 
ware  platforms.  Microsoft  and  SAP  have 
been  partners  for  many  years  and  have 
discussed  a  merger.  The  joint  product  is 
one  of  the  most  significant  results  of  that 
partnership  since  merger  talks  broke  off 
last  year,  and  it  could  help  SAP  and 
Microsoft  compete  better  against  Oracle 
and  IBM. 

Desktop  and  enterprise  applications  are 
“almost  seen  as  being  disconnected,”  Jeff 
Raikes,  group  vice  president  of  informa- 


have  helped  monitor  industrial  process- 
es.The  trouble  is, such  devices  tend  to  be 
part  of  single-purpose,  closed  implemen¬ 
tations  such  as  a  system  that  monitors 
whether  a  conveyer  belt  in  a  manufac¬ 
turing  facility  is  running  properly, 
Breidenbach  says. 

The  challenge  is  tapping  that  current 
data  source  and  feeding  it  to  enterprise 
applications  so  it  can  be  used  to  help 
guide  broader  business  decisions.  “Ex- 
isting  sensor  systems  don’t  take  informa¬ 
tion  about  a  line  and  what’s  been  pro- 


tion  worker  business  at  Microsoft,  told 
users  at  the  Sapphire  event  in 
Copenhagen,  Denmark,  last  week.  Much 
of  the  information  stored  in  desktops 
doesn’t  find  its  way  into  enterprise  appli¬ 
cations  because  it  has  to  be  rekeyed,  he 
said. 

As  a  result,  workers  waste  time  looking 
for  information. The  aim  of  Mendocino  is 
to  provide  the  “right  information  at  the 
right  time”  and  to  make  tasks  transparent 
and  simple,  Raikes  said. 

Mendocino  will  connect  Office  2003 
and  the  current  version  of  MySAP  ERP 
Users  in  a  consulting  firm,  for  example, 
will  be  able  to  instantly  book  time  against 
a  specific  client  in  the  SAP  time-tracking 
system  when  they  schedule  an  appoint¬ 
ment  in  Microsoft  Outlook. 

The  joint  product  will  integrate  SAP’s 
time  management,  budget  monitoring, 
organizational  management,  and  travel 
See  Mendocino,  page  34 


duced  and  get  it  back  to  the  enterprise  so 
you  can  understand  how  the  business  is 
running,”  Breidenbach  says.  “The  Sensors 
and  Actuators  business  unit  is  about  pro¬ 
viding  hardware,  software  and  services  to 
deliver  that  kind  of  information.” 

To  that  end,  IBM  is  focusing  its  product 
development  resources  on  middleware 
that  handles  everything  from  device  man¬ 
agement  and  data  filtering  to  business- 
process  integration  and  data  analysis. 
IBM’s  multi-tiered  approach  includes 
embedded  device  software  for  basic  data 
filtering  and  correlation,  and  higher-level, 
server-based  middleware  that  gets  sensor¬ 
generated  data  ready  for  business  appli¬ 
cations  to  absorb. 

“It’s  important  to  move  the  data  process¬ 
ing  to  the  edge  of  a  network,”  Breidenbach 
says.  Not  only  does  it  cut  down  on  net¬ 
work  traffic,  but  it  also  reduces  the  load  on 
enterprise  applications  —  which  run  on 
expensive  servers,  she  says.“The  more  you 
move  processing  down  the  line  to  lower- 
cost  devices,  the  better  off  you’ll  be,”  she 
says. 

Among  the  first  fruits  of  the  new  unit  are 
three  RFID-focused  software  products 
announced  late  last  year  and  available 
now:  WebSphere  RFID  Device  Infra¬ 
structure,  which  reader  manufacturers 
can  embed  in  their  devices;  WebSphere 
RFID  Premises  Server,  which  monitors  and 
manages  RFID  hardware  and  software  in 
individual  remote  locations;  and  Web¬ 
Sphere  Remote  Server,  which  can  be  used 
to  RFID-enable  handheld,  kiosk  and  self¬ 
checkout  devices. 

A  key  attribute  of  these  products  is 
remote  manageability.  RFID  Premises 
Server,  for  example,  bundles  IBM’s  Tivoli 
systems  management  software  —  along 
with  its  WebSphere  application  server, 
DB2  database  software  and  WebSphere 

See  IBM,  page  34 
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SugarCRM  unveils  open  source  package 


■  BY  STACY  COWLEY 

SugarCRM  last  week  released  an 
upgrade  to  its  open  source  CRM  system,  a 
software  package  SugarCRM’s  founders 
say  they  hope  will  woo  customers  that 
would  otherwise  turn  to  more  expensive 
commercial  CRM  offerings. 

Sugar  Suite  3.0  represents  a  significant 
advance  for  the  young  product,  which 
publicly  launched  last  September.  The 
forthcoming  update  adds  campaign  man¬ 
agement,  e-mail  marketing  and  forecast¬ 
ing  components  to  the  suite,  along  with 
tools  for  broader  back-office  administra¬ 
tion  such  as  project  management  and  an 
employee  directory 

SugarCRM  was  founded  in  April  2004  by 
a  group  of  developers  that  had  worked 
together  at  CRM  maker  Epiphany  Frus¬ 
trated  by  what  they  saw  as  the  ineffic¬ 
iency  of  the  commercial  software  devel¬ 
opment  process,  the  Cupertino,  Calif., 
company’s  creators  say  they  felt  an  open 
source  model  could  build  both  better 
software  and  the  foundation  for  a  viable 
business,  says  John  Roberts,  CEO  of 
SugarCRM.  The  company  is  backed  by 
close  to  $8  million  in  venture  capital 


funding  from  Draper  Fisher  Jurvetson  and 
Walden  International. 

The  software’s  development  home  is 
SugarForge.org,  where  the  source  code 
can  be  downloaded  for  free.  A  commer¬ 
cial  version,  Sugar  Professional,  includes 
customer  support  and  additional  exten¬ 
sions, such  as  improved  reporting  and  data 
security  features.  Pricing  for  Sugar 
Professional  starts  at  $239  per  user,  per 
year, and  drops  with  volume  licensing.  A 
hosted  version  is  available  for  $40  per 
user,  per  month. 

Athenahealth  CTO  Bob  Gatewood  is  in 
the  process  of  replacing  several  hundred 
Salesforce.com  licenses  in  his  organiza¬ 
tion  with  SugarCRM  deployments.  The  pri¬ 
vately  held  Waltham,  Mass.,  healthcare 
practice  management  firm  has  used 
Salesforce.com  for  four  years,  in  which 
time  Gatewood  says  the  firm  grew  from  $2 
million  to  $60  million  per  year  in  annual 
revenue. 

“We’ve  gotten  to  a  size  where  we  need 
more  control  and  tighter  integration  with 
our  internal  systems,”  he  says.  “We  love 
open  source,  and  we  have  a  sizable  devel¬ 
opment  team  already  This  was  really  about 
getting  the  code.” 


Gatewood’s  group  has  extensively  mod¬ 
ified  SugarCRM  to  suit  its  needs  and  later 
this  month  will  be  going  live  with  its 
deployment.  Eventually  Gatewood  says 
he  expects  SugarCRM  to  roll  out  to  200 
Athenahealth  employees,  cutting  the 
organization’s  Salesforce.com  licenses 
from  300  to  100.  The  move  will  reduce 
Athenahealth’s  software  licensing  costs, 
but  that  wasn’t  the  primary  motivation, 
Gatewood  says. 

“We  have  some  customer  case  routing 
issues.The  call  center  is  able  to  resolve  85% 
of  the  calls,  but  the  ones  they  need  help 
with  they  have  to  send  off  to  a  subject  mat¬ 
ter  expert.  Salesforce.com’s  data  structure 
doesn’t  make  it  easy  for  us  to  track  it  when 
that  happens,”  Gatewood  says.  “With  Sugar, 
all  that  stuff  is  transparent  now.  We  could 
get  in  and  change  the  code.” 

SugarCRM’s  customer  base  is  a  small 
fraction  of  that  of  major  CRM  vendors. 
SugarCRM  has  logged  150,000  downloads 
and  sold  licenses  to  200  organizations, 
Roberts  says.  The  company  is  only  lightly 
covered  by  analysts;  in  a  recent  report, 
Gartner  listed  SugarCRM  among  a  pack  of 
companies  offering  commoditized  sales 
management  tools  suitable  for  “small,  sim¬ 


ple  organizations.” 

Still,  plenty  of  organizations  don’t  need 
more  than  basic  CRM  features.“What  per¬ 
centage  of  the  features  do  you  actually 
use  in  Microsoft  Word?”  asks  Pride 
Industries  CFO  Tim  Yamauchi,  who 
picked  SugarCRM  for  use  in  his  3,000- 
employee  nonprofit  company  in  Rose¬ 
ville,  Calif. 

Pride  employs  disabled  workers  to  pro¬ 
vide  a  variety  of  outsourced  mainte¬ 
nance  and  administrative  services. 
Yamauchi  had  used  a  variety  of  CRM  sys¬ 
tems  in  previous  jobs  and  wasn’t  overly 
impressed  by  any  of  them.  Pride  uses  a 
number  of  open  source  applications,  and 
when  its  IT  team  brought  SugarCRM  to 
Yamauchi’s  attention,  he  was  impressed 
by  both  the  technology  and  the  ethos  of 
SugarCRM’s  executives. 

“They’re  a  young,  entrepreneurial  com¬ 
pany  and  they’ve  been  great  to  work  with,” 
Yamauchi  says.  When  he  requested  fea¬ 
tures  that  would  push  out  sales  and  mar¬ 
keting  reports  by  e-mail,  SugarCRM’s 
developers  provided  it. 

Cowley  is  a  correspondent  with  the  IDG 
News  Service. 
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MQ  messaging  software  and  middleware 
—  so  that  companies  can  centrally  man¬ 
age  deployments  at  remote  locations  such 
as  in  distribution  centers.“Most  companies 
don’t  have  IT  staff  standing  by  at  every 
dock  door?  Breidenbach  says. 

Royal  Philips  Electronics  is  using  IBM’s 
RFID  middleware  in  a  project  designed 
to  trace  packages  traveling  between  its 
semiconductor  manufacturing  facility  in 
Kaoshiung, Taiwan,  and  distribution  cen¬ 
ter  in  Hong  Kong. 

Likewise,  IBM  is  using  its  own  RFID 
middleware  to  streamline  operations  at 
its  chip  fabrication  plant  in  Fishkill,  N.Y. 
The  company  invested  $2.5  billion  to 
transform  the  chip  fabrication  factory, 
which  now  includes  RFID-tagged  con¬ 
tainers  for  keeping  tabs  on  inventory. 
Using  RFID  for  tracking  the  expensive 
components  has  helped  IBM  realize 
higher  manufacturing  yields,  and  it  pro¬ 
vides  flexibility  to  adjust  more  quickly  to 


shifting  production  demands,  according 
to  Breidenbach. 

The  RFID  opportunity 

IBM  has  allotted  $250  million  over  the 
next  five  years  to  develop,  market  and  sell 
products  for  RFID  and  other  sensor-based 
systems.  But  IBM  isn’t  alone  in  eyeing 
RFID.  All  the  major  platform  vendors  are 
coming  out  with  RFID-related  products. 
Oracle  last  month  announced  an  RFID- 
focused  development  partnership  with 
Intel  and  plans  to  team  with  RFID  appli¬ 
ance  maker  Xpaseo  to  develop  a  bundled 
device  for  managing  RFID  deployments. 

At  the  same  time  Sun  announced  Java 
System  RFID  Software  2.0  —  a  new'  ver¬ 
sion  of  its  RFID  middleware,  which  fea¬ 
tures  improved  management  tools  and 
built-in  provisioning  capabilities  for  priori¬ 
tizing  key  RFID-based  processes. 

Microsoft  and  SAP  also  have  readied 
RFID  wares  to  compete  with  smaller,  spe¬ 
cialist  vendors  such  as  OATSystems, 
ConnecTerra  and  GlobeRanger. 

All  these  players  are  after  what  analysts 


say  is  a  growing  market  for  RFID  tech¬ 
nology.  Global  RFID  hardware  and  soft¬ 
ware  revenue  grew  from  $1.25  billion  in 
2003  to  $1.54  billion  in  2004  and  is  pro¬ 
jected  to  hit  $1.94  billion  this  year, 
according  to  ABI  Research. 

The  associated  market  for  RFID  consult¬ 
ing  and  implementation  services  is  on  the 
rise  as  RFID  projects  grow  in  scope  and 
complexity  —  which  represents  a  huge 
opportunity  for  consulting  businesses  such 
as  IBM’s  global  services  division.  ABI 
Research  projects  the  market  for  RFID-relat¬ 
ed  integration  services  will  surpass  RFID 
product  revenues  by  2007. 

Deploying  RFID  technology  requires 
professionals  who  understand  what  it 
takes  to  get  the  equipment  operating  in 
the  field,  where  physical  conditions  can 
be  a  lot  different  from  those  in  a  labora¬ 
tory  setting,  Breidenbach  says.  Consulting 
services  will  become  increasingly  impor¬ 
tant  as  companies  look  for  RFID  opportu¬ 
nities  beyond  simple  dock-door  receiving 
scenarios,  she  says. 

IBM  is  working  with  companies  that  are 
looking  to  expand  RFID  deployments  out¬ 
side  of  tagging  pallets  of  goods.  Food  trace- 
ability  is  one  example,  Breidenbach  says. 

Hospitals  also  are  using  RFID  to  keep 
track  of  assets  such  as  crash  carts  and 
wheelchairs,  and  automotive  companies 
are  using  RFID  to  track  the  whereabouts  of 
cars  after  they  arrive  from  overseas  and 
before  they  make  it  to  dealer  locations, 
she  says.  “There  are  quite  a  few  different 
use  cases  beyond  shipping  pallets  of  cere¬ 
al,”  Breidenbach  says.  ■ 


Mendocino 
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and  expense  management  directly  into 
Office,  the  companies  said  in  a  state¬ 
ment.  With  the  new  product,  information 
workers  would  be  able  to  use  extended 
application  menus  and  select  process 
options  and  information  in  the  SAP 
smart  panel,  synchronize  information 
between  Microsoft  Exchange  Server  and 
SAP  retrieve  SAP  information  in 
Microsoft  Excel,  and  submit  data  via 
Microsoft  Office  InfoPath  forms,  they 
said. 

Both  SAP  and  Microsoft  will  sell 
Mendocino  and  some  underlying  SAP 
technology  on  which  it  is  being  built. 

Pricing  has  yet  to  be  determined. 

SAP  also  announced  a  deal  with  Macro¬ 
media  that,  like  the  Microsoft  partnership, 
aims  to  enhance  end-user  interfaces. 

Under  the  deal,  SAP  v/ill  combine  its 
NetWeaver  integration  platform  and  Net- 
Weaver  Visual  Composer  with  Macro¬ 
media’s  Flex  presentation  system,  which 
lets  developers  visually  design  applica¬ 
tion  logic  and  process  flows  to  make 
Internet  applications  easier  to  use. 

Evers  and  Blau  are  correspondents  with 
the  IDG  News  Service. 
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Forecasts  for  double  or  nothing 


the  No  Good  Deed  Goes  Unpun¬ 
ished  Department,  Sen.  Rick 
Santorum  (R-Pa.)  has  introduced 
legislation  to  cripple  the  ability  of  the 
National  Weather  Service  to  show  you 


weather  information  and  forecasts  that  you 
paid  to  have  collected. 

Last  year  I  wrote  about  an  experimental 
service  the  NWS  developed  to  provide  raw 
weather  data  via  an  XML  interface  (www. 


George  is  secure  in  his  information  workplace 
(and  he’s  not  afraid  to  show  it.)  A 


Worrying  about  viruses  and  unwanted  content  can  hold  you  back. 
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1 00  organizations  to  small  businesses  -  rely  on  Sybari  to  secure  their 
information  workplaces,  including  e-mail,  instant  messaging,  and 
document  sharing. 
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networkworld.com,  DocFinder:  6932).  A 
few  months  after  that  column  ran,  the  NWS 
converted  the  experiment  into  a  produc¬ 
tion  service  over  the  objections  of  the  com¬ 
mercial  weather  service  industry  This  deci¬ 
sion  was  in  line  with  recommendations  in 
the  National  Research  Council  report  “Fair 
Weather:  Effective  Partnerships  in  Weather 
and  Climate  Services”  (DocFinder:  6933). 

The  logic  of  this  decision  and  the  general 
idea  that  the  NWS  provides  information  (in¬ 
cluding  its  Web  site  at  wwwnws.  noaa.gov) 
to  the  public  with  few  restrictions,  wras  fur¬ 
ther  supported  by  a  February  column  by 
James  Boyle,  a  Duke  Law  School  professor, 
in  The  Financial  Times.  Boyle  wrote  that  the 
model  of  open  access  to  weather  data  prac¬ 
tices  in  the  U.S.  produced  a  39-fold  return 
on  the  cost  of  collecting  and  analyzing 
weather  data  as  compared  with  a  sevenfold 
return  in  Europe,  where  the  same  type  of 
data  is  not  openly  shared. 

The  weather  industry  didn’t  accept  the 
NWS  decision  that  you  shouldn’t  have  to 
pay  twice  for  the  same  data  and  has  appar¬ 
ently  convinced  Santorum  to  act  as  its 
water  boy  It  is  likely  not  a  coincidence  that 
Accu Weather,  one  of  the  many  commercial 
providers  of  weather  information,  is  based 
in  Pennsylvania.  One  look  at  the  confusing 
and  advertising-filled  AccuWeather  Web 
site  will  tell  you  why  it  would  like  to  shut 
down  the  clear  and  intuitive  NWS  site. 

With  irony  in  the  timing,  Santomm  intro¬ 
duced  Senate  Bill  786,  the  “National 
Weather  Services  Duties  Act  of  2005”  on  the 
day  before  U.S.  taxes  were  due  —  the  taxes 
that  pay  for  the  NWS.  The  bill,  obtainable 
through  the  Library  of  Congress  Thomas 
Web  site  (thomas.loc.gov),  is  designed  “to 
clarify  the  duties  and  responsibilities  of  the 
National  Oceanic  and  Atmospheric  Admin¬ 
istration  and  the  National  Weather  Service, 
and  for  other  purposes.”  A  press  release 
about  the  bill  on  the  senator’s  Web  site 
reads:  “Santorum  proposes  to  modernize 
National  Weather  Service  to  better  serve 
public.”  Santorum  must  have  a  strange  con¬ 
cept  of  serving  the  public  considering  the 
bill  prohibits  the  NWS  from  providing  a 
product  or  service  “that  is  or  could  be  pro¬ 
vided  by  the  private  sector”  Such  a  rule 
would  require  the  NWS  to  largely  shut 
down  its  public  face,  including  its  Web  site, 
because  it  offers  services,  such  as  forecasts 
and  weather  maps  that  AccuWeather  and 
others  provide.  Under  the  bill,  the  NWS 
could  continue  to  provide  severe  weather 
forecasts  and  warnings  but  not  much  else. 

I  hope  that  Congress,  at  least  this  once, 
pays  more  attention  to  the  needs  and  de¬ 
sires  of  the  almost  300  million  people  living 
in  the  U.S.  than  to  a  handful  of  companies 
in  the  commercial  weather  industry 

Disclaimer:  Students  pay  enough  for 
Harvard  the  first  time  and  surprisingly 
many  pay  again  (as  alumni),  but  the 
above  muse  on  paying  double  is  my  own. 
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experience  the  freedom  of  security  and  productivity. 


Bradner  is  a  consultant  with  Harvard 
University’s  University  Information  Systems. 
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Akamai  accelerating  Web-based  apps 


Getting  more  bang  for  your  buck 

Interest  in  content  acceleration  technology  continues  to  grow. 
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■  BY  DENISE  PAPPALARDO 

Akamai  Technologies  this  week  is  ex¬ 
pected  to  launch  a  service  that  promises  to 
improve  the  performance  of  Web-based 
applications  for  business  customers. 

The  content  delivery  network  (CDN)  ser¬ 
vice  provider  intends  to  announce  its 
Application  Accelerator  Service.  The  ser¬ 
vice  is  designed  to  improve  the  availability 
of  Web  applications,  as  well  as  make  it  eas¬ 
ier  to  geographically  disperse  these  appli¬ 
cations  around  the  world. 

Akamai  and  its  CDN  competitors  have 
focused  on  offering  Web  site  caching  to 
improve  performance.This  new  service  lets 
users  speed  up  internal  Web-based  appli¬ 
cations  that  might  be  stored  on  servers 
behind  a  user’s  firewall. 


■  The  global  cellular  handset 
market  saw  robust  growth  during 
the  first  quarter,  according  to 
reports  from  major  handset  manu¬ 
facturers.  Most  of  the  top  handset 
makers  registered  double-digit  per¬ 
centage  growth.  Siemens  regis¬ 
tered  a  double-digit  loss  on  both  the 
previous  quarter  and  first  quarter  of 
2004.  Nokia  again  led  the  market, 
shipping  53.8  million  handsets  during 
the  quarter,  up  20.4%  on  the  first 
quarter  of  2004. 

■  Solace  Systems  last  week  an¬ 
nounced  the  general  availability  of  its 

3200  Series  Multiservice  Mes¬ 
sage  Router.  The  3200  Series  is  a 
“content-aware"  router  that  for¬ 
wards  traffic  based  on  intelligence 
about  the  particular  application  gen¬ 
erating  the  traffic.  Content-aware 
networks  provide  deep  visibility  into 
data  exchanged  between  applica¬ 
tions  and  can  interpret  the  content. 
Keywords  can  be  recognized  and 
acted  upon  during  the  message  for¬ 
warding  procedure.  Actions  such  as 
security  policy  enforcement,  delivery 
to  multiple  destinations  and  message 
prioritization  can  be  performed 
based  on  this  recognition. 


“More  users  are  moving  applications 
online  to  reduce  costs  and  increase  effi¬ 
ciencies,”  says  Dave  Belson,  product  man¬ 
ager  for  application  performance  services 
at  Akamai. 

But  when  these  Web-based  applications 
are  distributed  globally,  they  sometimes 
perform  poorly  because  they  are  man¬ 
aged  and  stored  locally.  For  example,  a 
company  in  the  U.S.  that  houses  its  Web 
servers  hosted  in  one  data  center  might 
see  poor  application  performance  for 
users  in  Asia. 

Businesses  that  have  high-performing 
Web  applications  have  been  forced  to 
manage  network  problems  that  affect  per¬ 
formance  on  their  own, says  Dana  Gardner, 
a  senior  analyst  The  Yankee  Group.  These 
companies  had  to  deploy  manage  and 
maintain  those  applications  over  time, 
which  can  be  costly  “We  haven’t  seen  the 
same  approach  that  Akamai  is  taking, 
where  they  are  offering  it  as  a  managed  ser¬ 
vice,”  Gardner  says. 

Akamai’s  new  service  will  improve  the 
overall  performance  of  applications,  such 
as  reducing  download  times  and  the  time 
it  takes  to  process  online  transactions, 
Belson  says. 

The  service  provider  says  it  has  deployed 
two  new  technologies  that  are  key  in  sup¬ 
porting  the  new  offering.  The  technologies 
are  end-to-end  route  optimization  and  con¬ 
nection  optimization. 

The  end-to-end  route  optimization  tool 
identifies  the  best  path  from  the  customer 
edge  to  Akamai’s  servers.  “The  system  is 
constantly  testing  alternative  paths  look¬ 
ing  for  faster  and  more  reliable  default 


■  BY  JIM  DUFFY 

Don’t  touch  that  diaLVideo  appears  to  be 
the  killer  app  for  IP  routing  these  days. 

Two  vendors  this  week  are  expected  to 
unveil  enhancements  for  their  router  lines 
designed  to  address  the  burgeoning  mar¬ 
ket  among  service  providers  for  IPTV 
Alcatel,  for  one,  is  set  to  introduce  updates 
of  its  7750  and  7450  routers  that  improves 
uptime  and  doubles  Ethernet  density 

Laurel  Networks  also  is  poised  to  roll  out 
hardware  and  software  enhancements  that 
transform  its  ST-200  and  ST-50  routers  into 
“drop  in”  IP  video  routers. 


paths,”  Belson  says.  “It’s  like  taking  side 
roads  to  get  to  work  rather  than  the  high¬ 
way’  While  the  side  roads  total  more 
miles,  there  could  be  delays  on  the  high¬ 
way  that  make  the  longer  route  a  better 
option,  he  says. 

Four  tools  fall  under  the  connection  opti¬ 
mization  banner:  content  pre-fetching, 
transport  protocol  optimization,  compres¬ 
sion  and  persistent  connections. 

Yankee’s  Gardner  says  many  users  are 
opposed  to  caching  their  business  applica¬ 
tions  because  they  are  concerned  about 
out-dated  corporate  information  being 
cached  on  servers  around  the  Internet. 

Content  pre-fetching  allows  Akamai  to 
capture  data  for  a  short  period  of  time  to 


The  extensions  come  at  a  time  when  tra¬ 
ditional  carriers  are  looking  for  new  ways 
to  make  money  and  retain  customers  as 
their  wireline  voice  revenue  continues  to 
diminish  in  the  face  of  mounting  competi¬ 
tion  from  cable  multisystem  operators 
offering  VoIRand  wireless  substitution.  As  a 
result,  carriers  such  as  SBC,  BellSouth  and 
Verizon  are  building  out  fiber  facilities  clos¬ 
er  to  their  customers  to  offer  high-band- 
width  services  such  as  video  directly  over 
fiber  or  current  DSL  copper  loops. 

SBC  has  selected  Alcatel  as  the  preferred 
vendor/integrator  for  SBC’s  Project  Light- 
speed  IPTV  fiber  project.  In  an  effort  to  de- 


improve  application  performance  for  end 
users,  while  adhering  to  customer’s  no¬ 
caching  rules.  With  the  tool  Akamai  can 
capture  graphics  and  scripts  from  an 
Application  Accelerator  Service  customer’s 
site  as  a  user  logs  on  to  its  Web  site.  The 
information  is  stored  in  a  “special  area  of 
memory  to  fulfill  one  user’s  request,  and 
then  that  information  is  flushed  out  of 
memory’  Belson  says. 

The  service  provider  also  is  supporting 
persistent  connections  between  its  edge 
servers  and  its  clients’  sites,  which  Belson 
says  improves  performance  while  reduc¬ 
ing  overhead. 

Application  Accelerator  Service  costs 
$6,000  per  month,  per  application.  ■ 


liver  the  goods,  Alcatel  is  adding  features  to 
its  7450  Ethernet  Service  Switch  and  7750 
Service  Router  designed  to  speed  the  roll¬ 
out  of  voice/data/video  triple-play,  as  well 
as  business  VPN  services. 

The  enhancements  —  Release  2.0  for  the 
7450  and  2.1  for  the  7750  —  include  scal¬ 
able  multicast  for  IPTV  distribution,  and 
automated  per-subscriber  security  poli¬ 
cies.  The  systems  also  have  new  Ethernet, 
TDM  and  ATM  interfaces  that  double  each 
router’s  density  to  40  10G  bit/sec  Ethernet 
ports  on  the  7750  and  20  on  the  7450. 

Extensions  to  the  7750  include  enhanced 
See  Router,  page  40 
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EYE  OH  THE 
CARRIERS 

Johna  Till 
Johnson 


My  recent  column  on  the  necessity 
of  universal  91 1  services  definitely 
hit  a  hot  button.  Many  thanks  to 
those  who  wrote  to  share  their  views. 

A  few  clarifications:  First,  1  provided 
some  inaccurate  information  regarding 
Vonage’s  91 1  capabilities.  Per  Vonage’s  cur¬ 
rent  Web  site,  users  don’t  have  to  pay  extra 
for  911:  Even  the  $14.99  basic  rate 
includes  911  capabilities,  though  in  all 
cases  users  must  activate  their  911  fea¬ 
tures  themselves  (it’s  not  built-in).  My 
apologies  for  the  error. 

Second,  it’s  clear  from  the  responses  that 
there’s  a  lot  of  FUD  around  the  issue  of 
911  and  E911  services.  Let’s  cut  to  the 


The  economics  of  emergency  services 


chase:  The  real  issue,  as  I  noted  in  the  pre¬ 
vious  column,  is  that  enabling  VoIP  with 
E911  capabilities  costs  money  —  and 
nobody’s  willing  to  belly  up  to  the  bar  to 
pay  Or  more  precisely,  nobody’s  yet  taken 
a  hard  look  at  how  funding  models  for 
public  services  should  evolve  in  a  world 
where  voice  (not  just  VoIP)  is  virtually 
free. 

One  of  the  few  organizations  focused  on 
the  issue  of  911-enabling  VoIP  is  the  23- 
year-old  National  Emergency  Number 
Association  (www.nena9-l-l.org),  which 
has  an  active  standards  body  seeking  to 
address  the  technical  challenges  of  next- 
generation  VoIP  To  its  credit,  Vonage  is  a 
charter  member  of  NENAs  VoIP  commit¬ 
tee,  as  is  AT&T.  Other  key  VoIP  players, 
including  AOL,  have  recently  joined. 

As  former  NENA  president  John  Melcher 
testified  to  Congress  a  few  weeks  ago,  91 1 
services  have  never  been  profitable. 
Simply  maintaining  the  current  infrastruc¬ 


ture  and  services  is  expensive  for  the 
ILECs.  Upgrading  them  to  integrate  with 
VoIP  services  is  even  more  expensive.  And 
building  a  new  emergency  infrastructure 
that  doesn’t  rely  on  the  ILEC  infrastruc¬ 
ture,  while  a  laudable  goal,  also  is  (you 
guessed  it)  expensive. 

Moreover,  the  old  methods  of  subsidiz¬ 
ing  91 1  services  no  longer  work  because 
voice  services  (of  whatever  flavor)  aren’t 
the  profit-making  engines  they  were  in 
decades  past.  When  the  original  911  sys¬ 
tem  was  created,  AT&T  footed  the  bill  in 
exchange  for  increased  profits  —  easy  to 
engineer  in  a  government-regulated 
monopoly  world.  When  cellular  providers 
were  required  to  support  911  services, 
they  did  so  in  exchange  for  the  opportu¬ 
nity  to  offer  high-margin  wireless  voice. 

That  opportunity  no  longer  exists.  In  a 
world  in  which  voice  is  a  commodity, 
there’s  no  deep-pocketed  sugar  daddy 
who  can  foot  the  bill  for  emergency  ser¬ 


vices  in  exchange  for  future  higher  profits 
or  new  markets.  In  a  world  where  voice  is 
free,  people  who  sell  nothing  but  voice 
services  (whether  Vonage  or  Verizon)  face 
a  future  of  razor-thin  margins. 

What  to  do?  I  can  think  of  one  solution: 
Create  a  pot,  and  ask  anyone  who  wants 
to  offer  communications  services  — 
whether  traditional  or  VoIP  —  to  con¬ 
tribute  (and  base  the  amount  of  contribu¬ 
tion  on  the  number  of  customers  served). 
That  includes  cable  companies,  wireless 
providers,  ILECs,  CLECs  and  the  Vonages 
of  the  world.  Use  that  money  to  fund  the 
architecture,  design  and  operations  of  91 1 
VoIP  services. 

Yes,  that  increases  costs.  But  as  I  wrote  in 
the  previous  column, 91  l’s  not  negotiable. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


tral]  offices,”  says  Mark  Seery,  program - 
director  at  RHK. 

He  adds  that  Alcatel  is  taking  a  big 
gamble  on  eliminating  the  broadband 
remote  access  server  (B-RAS)  from  its 
IPTV  screen.  Alcatel  says  its  routers  can 
perform  distributed  B-RAS  functions 


across  a  network. 

“One  of  the  great  philosophical  or  archi¬ 
tectural  issues  at  the  moment  is  whether 
the  B-RAS  is  taken  out  of  the  picture  in  the 
video  scenario,”  Seery  says  about  Alcatel’s 
strategy  “If  it  is,  then  Alcatel  is  OK;  if  it’s 
not,  then  Alcatel  has  a  missing  piece.”* 


Sprint  pumps  up  volume 
on  its  Wi-Fi  network 


Router 

continued  from  page  39 

support  for  multiservice  aggregation, such 
as  ATM  access  to  Layer  3  services,  and 
ATM  management,  QoS  and  accounting 
techniques.  The  7750  also  supports  the 
same  non-stop  routing  and  non-stop  ser¬ 
vices  techniques  as  those  unveiled  by 
Alcatel  three  years  ago  under  the  moniker 
ACEIS. 

These  are  high-availability  features 
designed  to  increase  uptime  for  VPN  and 
triple-play  services.  Masergy  Communica¬ 
tions  is  trialing  Release  2.1  of  the  7750s  to 
enhance  its  Multi-protocol  Label  Switching- 
based  IP  VPN  services. 

“We  have  a  lot  of  customers  who  want 
to  use  IP  multicast  for  things  like  the  CEO 
broadcast  and  business  learning,” says  Jim 
Brunetti,  director  of  IP  engineering  at 
Masergy.  “One  of  the  things  that  held  us 
back  from  using  the  7750  as  a  Layer  3  box 
was  multicast  support.  So  that’s  a  key 
thing  for  us.” 

Masergy  also  is  interested  in  the  higher- 
density  TDM  interfaces  on  the  7750, 
which  will  allow  it  to  eliminate  an  inter¬ 
mediary  device  for  aggregating  circuits; 
and  the  non-stop  routing/services  to 


improve  uptime. 

Laurel’s  triple-play  lineup  includes  an 
“Ethernet-optimized”  network  processing 
blade  designed  to  deliver  10G  bit/sec  of 
wire-speed  performance;  a  10-port  Gigabit 
Ethernet  physical  interface  card;  and 
Release  3.2  of  Laurel’s  ShadeTree  soft¬ 
ware  that  supports  automated  discovery, 
authentication  and  configuration  of 
Ethernet  home  media  devices. 

The  new  processor  and  line  cards  are 
intended  to  facilitate  the  transition  of  DSL 
access  networks  from  ATM  to  IP  Laurel 
says  the  density  of  the  new  line  cards  will 
allow  for  direct  connectivity  to  new 
Ethernet-based  DSL  access  multiplexers 
(DSLAM)  as  well  as  high-speed  connec¬ 
tivity  to  the  IP  backbone. 

The  network  processor  blade,  10-port 
Gigabit  Ethernet  physical  interface  card, 
and  ShadeTree  3.2  are  expected  to  be 
available  in  the  third  quarter. 

Neither  vendor  disclosed  pricing. 

Analysts  say  there  still  are  gaps  to  fill  if 
each  vendor  wants  to  deliver  a  compre¬ 
hensive  triple-play  portfolio. 

With  Laurel,  “you  almost  need  two  plat¬ 
forms:  One  is  a  regional  concentrator 
which  is  a  little  bit  more  expensive  than 
the  one  that  goes  into  the  DSLAM  [cen- 


■  BY  DENISE  PAPPALARDO 

Sprint  is  beefing  up  its  Wi-Fi  hot-spot  cov¬ 
erage  in  what  the  company  calls  an  effort 
to  offer  users  better  wireless  access  sup¬ 
port  around  the  world. 

The  Sprint  PCS  Wi-Fi  Access  service  now 
sports  19,000  wireless  LAN  (WLAN)  hot 
spots,  up  from  14,000  in  March. 

Customers  of  Sprint’s  Extended  Work¬ 
place  Service  can  use  any  of  Sprint’s  hot 
spots  to  access  their  corporate  networks. 
Sprint  last  month  announced  the  service. 

Because  Sprint  is  the  only  one  of  the  big 
three  interexchange  carriers  to  offer  and 
own  a  wireless  network  and  services,  the 
carrier  intends  to  exploit  that  advantage  by 
leading  the  pack  in  Wi-Fi  support,  as  well  as 
cellular  data.At  19,000, Sprint  has  more  Wi¬ 
Fi  hot  spots  than  AT&T  and  MCI  combined. 
AT&T  says  it  has  just  more  than  9,000,  and 
MCI  says  it  has  nearly  1 1,000. 

Sprint’s  goal  in  building  out  its  Wi-Fi  net¬ 
work  is  to  provide  its  Extended  Workplace 
customers  with  near-ubiquitous  access, 
says  Wes  Dittmer,  director  of  WLAN  ser¬ 
vices  at  the  carrier.  “We  want  to  make  it 
easy  for  users  to  use  EV-DO,  wireless  LANs 
and  dial  networks  to  connect  to  their  cor¬ 
porate  networks.”  Evolution  Data  Op¬ 
timized  is  a  3G  wireless  network  technol¬ 


ogy  that  Sprint  is  deploying  to  support 
mobile  data  speeds  of  300K  to  500K 
bit/sec. 

The  carrier  has  signed  roaming  agree¬ 
ments  with  four  ISPs  and  virtual  network 
providers  to  expand  its  Wi-Fi  network.  The 
new  service  providers  are  Quiconnect, 
Fiberlink  Communications,  Opti-Fi,  Pronto 
Networks  and  Nomadix. 

Quiconnect  provides  access  to  about 
6,000  international  locations,  but  the  carri¬ 
er  expects  that  number  to  grow  throughout 
the  year.  Part  of  that  growth  will  include 
WLAN  access  in  30  international  airports. 

Sprint  will  use  about  3,800  Wi-Fi  hot  spots 
from  Fiberlink,  about  30  Wi-Fi  hot  spots  in 
airports  around  the  U.S.  from  Opti-Fi, “hun¬ 
dreds”  of  hot  spots  from  Pronto  and  350 
hot  spots  from  Nomadix. 

Dittmer  says  Sprint  has  come  a  long  way 
since  2003,  when  the  carrier  only  had  450 
hot  spots. 

Sprint  expects  similar  growth  this  year 
with  the  goal  of  having  at  least  25,000  hot 
spots  available  to  its  customers  by  year- 
end.“If  we  don’t  exceed  25,000 1  will  be  dis¬ 
appointed,”  Dittmer  says. 

Sprint  is  in  talks  with  several  large  inter¬ 
national  carriers  that  have  substantial  Wi-Fi 
networks  with  the  same  number  of  hot 
spots,  including  BT  and  Swisscom.* 


Triple  player 

Features  of  Laurel’s  IP  video  router 


•  Ethernet-optimized  network  processor. 

•  10G  bit/sec  wire-speed  performance. 

•  High-density  10-port  1G  bit/sec  Ethernet 
physical  interface  cards. 

•  ShadeTree  software  Release  3.2. 

•  Dynamic  discovery  and  provisioning. 

•  Authentication. 

•  Configuration  of  home  media  devices. 
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Trust  us,  it's  an  unbelievable  number. 
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Keep  your  network  safe  from 
dynamic  threats  with  Gateway 
Anti-Virus,  Anti-Spyware  and 
Intrusion  Prevention  from 
SonicWALL. 


It's  8am.  Guess  how  many  attacks  hit  your  network  last  night 


But  how  do  you  get  enterprise-class  security  without  blowing  your  budget?  SonicWALL®  has  the  answer. 

We  take  state-of-the-art  network  security  and  make  it  simple,  reliable  and  affordable.  So  you  can  feel  secure. 


Take  our  Gateway  Anti-Virus/Intrusion  Prevention  Solution.  It's  real  network  security  that  delivers  intelligent, 
real-time  protection  against  the  most  sophisticated  new  viruses,  spyware  and  network  intrusions.  It  combines  a 
powerful,  deep  packet  inspection  engine  with  a  continuously  updated  database  of  the  latest  attack  signatures. 
Comprehensive  security  in  an  affordable,  usable  package — that's  the  SonicWALL  answer. 


Take  the  guesswork  out  of  network  security.  For  more  details  on  our  Gateway  Anti-Virus,  Anti-Spyware,  Intrusion 
Prevention  and  other  dynamic  threat  management  solutions  visit  www.sonicwall.com/home/gav.asp  or  call 
us  at  1.888.557.6642. 


Around  the  clock ,  around  the  world,  and  around  the  Web- 

SonicWALL  is  there  for  you. 
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Moving  to  VoIP  shouldn't  create  security  issues  for  your  business. 


It  should  eliminate  them.  That's  why  the  Zultys  MX250  IP  PBX 
runs  cm  a  real-time  Linux  operating  system  that  is  secure  and  not 
vulnerable  to  attack.  And.  since  encryption  is  a  standard  feature. 


it  is  impossible  ioi  anyone  to  inteicept  ‘sensitive  Lommunia  i 
■ere  ye  yA,  r  vy  X-JyyyAXXXXv  L'JAiiAjg  yLyyirr  eT:  eh  .A/e 
box.  To  learn  more  about  adding  sesuie  %  u  L  T  ¥  % 

VoIP,  access  www.zultys.com/nw  today.  Vaca1"  cy  VciL 
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FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 


Spike  in  distributed  work  boosts 
professional  suites  giant  Regus 


TELEWORKER 

BEAT 
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ig  companies 

pushing  distributed 

BC  work  realize  that  mobile  employees 

1 w  need  three  places  to  work:  a  corpo¬ 

rate  office,  a  home  office  and  some  sort  of 

third  place,  an  alternate  office. 

There  are  two  visions  about  how  best  to 


meet  the  needs  of  the  alternative  office. 
One  focuses  on  relieving  congestion  in 


■  Corel  last  week  rolled  out  a  small 
business  version  of  its  WordPerfect 
Office  12  suite  that  includes  a  new 
WordPerfect  Mail  client. 
WordPerfect  Mail  includes  a  spam  fil¬ 
ter,  contact  manager,  shared  calen¬ 
daring  and  support  for  RSS  feeds  to 
help  users  keep  up  with  new  additions 
to  Web  logs  and  other  Web  sites.  The 
mail  client  is  part  of  WordPerfect 
Office  12  Small  Business  Edition. 
WordPerfect  Mail  will  not  be  part  of 
the  other  WordPerfect  12  bundles, 
which  include  Standard,  Professional 
and  Home  Edition.  However,  the 
e-mail  client  will  be  sold  as  a  stand¬ 
alone  product  for  a  yet-to-be-dis- 
closed  price.  WordPerfect  Office  12 
was  introduced  in  April  last  year  and 
did  not  previously  include  an  e-mail 
client.  WordPerfect  Office  12  Small 
Business  Edition  includes  Word¬ 
Perfect  12  for  word  processing, 
Ouattro  Pro  12  for  spreadsheets,  an 
application  for  presentations,  a  task 
manager  and  the  Paint  Shop  Pro  9 
graphics  design  tool.  For  users  of 
many  WordPerfect  and  Microsoft 
Office  products,  the  upgrade  version 
of  WordPerfect  Office  12  Small 
Business  Edition  costs  $179.  Without 
a  previous  product  the  WordPerfect 
bundle  costs  $349,  Corel  said. 


big  cities  such  as  Toronto  by  putting  office 
centers  in  suburbs  near  peoples’  homes,  a 
nascent  model  spearheaded  by  start-up 
Suiteworks.  The  other  is  the  traditional 
professional  suites  model, catering  to  trav¬ 
elers  wherever  they  happen  to  touch 
down.  UK-based  Regus  already  owns  the 
latter  and  can  expand  and  grab  some  of 
the  former. 

Regus  started  out  15  years  ago  renting 
meeting  rooms  and  long-term  office  space 
to  companies  that  had  outgrown  their 
space  and  needed  to  set  up  a  temporary 
branch  office  or  quickly  establish  a  pres¬ 
ence  in  a  new  location.  Regus  came 
through  bankruptcy  in  2002  to  acquire  its 
rival,  U.S.  company  HQ,  and  now  is  position¬ 
ing  itself  to  ride  the  distributed  work  wave, 
offering  new  services  suited  to  distributed 
workers  and  independent  contractors. 

For  the  past  two  years  Regus  has  seen  a 
40%  increase  in  business  directly  related  to 
distributed  work,  and  expects  to  see  anoth¬ 
er  40%  increase  this  year.The  company  has 
scrapped  its  long-lease  requirements  and 
began  offering  in  February  a  $25-per- 
month  “network  access  card”  that  gives 
workers  access  to  all  of  Regus’  750  loca¬ 
tions  worldwide  (350  in  the  U.S.).The  card 
gets  you  IT  and  telecom  support,  and  busi¬ 
ness  services  such  as  copying.  Dedicated 
office  space  starts  at  $10  per  hour. 

“Large  companies  are  saying  they  want 
to  emulate  small,  nimble  companies,”  says 
Regus  CEO  Mark  Dixon.  “They  don’t  want 
their  salesforces  and  consultants  sitting  in 
offices,  but  they  want  them  to  have  an 
office  or  a  meeting  room  when  they  need 
it. We’ve  seen  a  sea  change  in  the  past  six  to 
12  months.  Companies  are  under  tremen¬ 
dous  cost  pressure,  and  technology  has 
made  them  less  bothered  by  people  work¬ 
ing  at  home.” 

Last  year  Regus’  virtual  services  business 
(no  physical  office  space)  accounted  for 
4%  of  the  company’s  revenue.  Dixon  ex¬ 
pects  that  to  grow  to  as  much  as  20%  in  the 
next  three  to  five  years. 

He  also  sees  the  U.S.  “leapfrogging 
Europe”  in  its  adoption  of  distributed  work. 
Asa  result, Regus  —  which  had  $1.1  billion 
in  revenue  in  2004  —  plans  to  expand  15% 
in  the  U.S.  this  year,  opening  facilities  in  big 
cities,  small  cities  and  suburbs  (off  high¬ 
way  exits).  Next  year  it  plans  to  grow  20%. 

Kistner  is  managing  editor  of  the  Net. 
Worker  section  of  Network  World.  She  can 
be  reached  at  tkistner@nww.com. 


Cisco’s  Sipura  buy 
boosts  VoIP  support 


■  BY  STEPHEN  LAWSON 

Looking  to  buttress  its  small-business  net¬ 
work  support  of  VoIP  Cisco  last  week 
grabbed  up  Sipura  for  integration  into  its 
Linksys  division. 

Cisco  will  pay  about  $68  million  in  cash 
and  options  for  privately  held  Sipura, 
which  was  founded  in  2003  and  is  based 
in  San  Jose.The  deal  is  subject  to  standard 
regulatory  approvals  and  is  expected  to 
close  in  Cisco’s  fiscal  fourth  quarter,  which 
ends  July  30. 

The  acquisition  is  the  first  that  Cisco  has 
made  for  Linksys  since  it  bought  the  Irvine, 
Calif.,  home  and  small-business  network 
vendor  in  2003.The  move  will  beef  up  Link¬ 
sys’  research  and  development  team,  says 
Victor  Tsao,  Linksys  co-founder  and  senior 
vice  president.  Sipura’s  12  employees  will 
work  for  Linksys,  1 1  of  them  in  engineering, 
he  says.  Sipura  has  four  contractors  that 
also  may  come  to  Cisco. 

Currently,  Linksys  has  a  R&D  team  of 
about  30  people, Tsao  says. 

The  core  of  Sipura’s  product  line  is  ana¬ 
log  terminal  adapters  (ATA)  which  let 


users  connect  conventional  phones  to  a 
broadband  service  to  use  VoIP  Linksys 
already  uses  Sipura  technology  in  some  of 
its  most  popular  VoIP  equipment,  includ¬ 
ing  certain  ATAs  and  wired  and  wireless 
routers,  the  company  says.  After  the  acqui¬ 
sition  closes,  the  company  plans  to  re¬ 
brand  and  keep  selling  Sipura’s  products 
initially  but  its  next  goal  will  be  to  integrate 
the  companies’  product  lines, Tsao  says. 

Sipura  has  established  interoperability 
with  many  brands  of  VoIP  infrastructure, 
including  that  of  Nortel,  Tsao  says.  That 
interoperability  will  continue  because  it  is 
based  on  Session  Initiation  Protocol,  he 
says. 

Linksys  sells  consumer  VoIP  gear  in  the 
U.S.,  partnering  with  service  providers 
such  as  Vonage  and  AT&T,  says  Norm 
Bogen,  an  analyst  at  InStat.  On  the  world 
stage  the  company  is  a  rising  star,  expand¬ 
ing  its  presence  in  Europe  and  Asia 
through  its  parent  company’s  powerful 
channel  relationships. 

Lawson  is  a  correspondent  with  the  IDG 
News  Service. 


Sprint  to  bundle  Orb 
media  access  with  DSL 


■  BY  MARTYN  WILLIAMS 

Sprint  last  week  said  it  will  offer  its  broad¬ 
band  customers  a  remote  media  access 
service  from  Orb  Networks. 

The  service  lets  users  remotely  access 
media  stored  on  home  PCs  from  a  Web 
browser.  It  requires  a  home  PC  running  the 
Windows  XP  or  Windows  Media  Center 
operating  systems  and  supports  multi- 
media  files  such  as  video,  audio  and 
images.  It  also  adds  an  electronic  program 
guide  and  access  to  live  television  if  a  PC  is 
equipped  with  a  TV  tuner. 

The  Orb  service  provides  a  front-end  in¬ 
terface  to  multimedia  stored  on  a  host  PC 
and  customizes  it  for  delivery  to  devices 
such  as  other  PCs,  PDAs  or  cell  phones. 
Sprint  will  offer  the  service  under  the  name 
Sprint  Personal  Media  Link. 

Orb  launched  its  own  brand  service  in 


January  based  on  a  monthly  subscription 
model. This  was  scrapped  in  late  March  in 
favor  of  a  free  service  and  hope  that  rev¬ 
enue  would  come  from  deals  such  as  the 
Sprint  one  announced  Monday 

The  fee  removal  caused  service  growth  to 
increase,  says  Joe  Harris,  vice  president  of 
marketing  at  Orb.“Going  to  free  has  kicked 
things  off, but  a  small  start-up  is  not  going  to 
drive  a  revolution  unless  we  do  some  big 
marketing, so  working  with  partners  is  criti¬ 
cal  for  our  success.” 

The  company  also  is  looking  at  e-com- 
merce  as  a  revenue  stream  and  hopes  to 
launch  such  a  service  soon,  Harris  says. 
Another  possibility  is  promotions  for  TV 
programs  with  money  paid  for  each  user 
who  watches  or  records  a  program,  he  says. 

Williams  is  a  correspondent  with  the  IDG 
News  Service. 
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How  Does 
BMW  Deliver 
Application 
Performance 
on  the  WAN? 


BMW  deploys  FineGround.  By  installing  the 
FineGround  application  delivery  appliance 
in  their  data  center,  they  deliver  LAN-like 
performance  to  their  remote  operations, 
employees,  and  users  around  the  globe.  No 
remote  boxes.  No  infrastructure  upgrades. 
And  no  application  rewrites. 

If  your  organization  has  a  global  user  base, 
FineGround  has  the  solution  for  delivering 
yourbusiness-critical  applications.  Contactus 
today  for  a  free  proof  of  concept.  Well  show 
you  how  your  web  business  can  perform. 


www.fineground.com/BMW 


1 .866.WAN2LAN 


FineGround 

How  Web  Business  Performs 


Software  moves  streams  in  real  time 


Stream-processing  engine  (SPE) 

SPE  data  management  software  processes  high-volume 
event  streams  in  real  time  using  SQL-like,  stream- 
oriented,  continuous  queries. 


HOW  IT  WORKS 
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O  Users  submit  stream-oriented  continuous  queries  to  an  SPE,  which  houses  and  executes  them. 

©  Event  streams  are  input  to  the  SPE  through  a  messaging/transport  system,  such  as  TCP. 

©  The  SPE  processes  and  transforms  events  in  real  time  as  they  flow  through  the  query  operators  in  main  memory. 
©  The  results  of  processing  are  delivered  to  the  client  applications  as  they  are  produced. 

©  Reads  or  writes  to  storage  are  optional  and  are  executed  asynchronously. 

©  Optionally,  the  SPE  can  transparently  distribute  processing  across  mulltiple  machines  for  improved  performance, 
scalability  and  availability. 


■  BY  UGUR  CETINTEMEL 

Applications  that  process  real-time  data- 
streams  are  pushing  the  limits  of  traditional 
data  processing  technologies.  These  appli¬ 
cations  are  characterized  by  the  need  for 
sub-second  response  times — whether  they 
involve  automating  trades,  monitoring  net¬ 
works  for  intrusions,  or  tracking  credit  card 
transactions  for  fraud.  Applications  that 
depend  on  the  traditional  store-and-query 
model  cannot  handle  the  volume  and 
velocity  of  streaming  data,  whose  value 
might  exist  only  in  the  moment. 

A  stream-processing  engine  (SPE)  is  data 
management  software  that  enables  the 
execution  of  queries  and  computations  — 
and  ultimately  actions  —  on  streaming 
data  in  real  time.  Previously  queries  and 
computations  could  only  be  executed  with 
stored  data  using  standard  database  man¬ 
agement  systems.  An  SPE  accepts  SQL-like, 
stream-oriented,  continuous  queries  and 
executes  them  over  live  event  streams,  out- 
putting  results  in  real  time. 

An  SPE  achieves  real-time  operation  by 
integrating  several  mechanisms.  First,  it  sup¬ 
ports  inbound  processing,  in  which  incom¬ 
ing  event  streams  immediately  start  to  flow 
through  the  continuous  queries  as  they 
enter  the  system.The  queries  transform  the 
events  as  they  move,  continuously  produc¬ 
ing  results,  all  in  main  memory  Read  or 
write  operations  to  storage  are  optional 
and  can  be  executed  asynchronously  in 
many  cases. 

Inbound  processing  overcomes  a  limita¬ 
tion  of  the  traditional  outbound  processing 
model  conventional  database  manage¬ 
ment  systems  employ  in  which  data  must 
be  inserted  into  the  database  and  indexed 
before  any  processing  can  take  place.  By 


removing  storage  from  the  critical  path  of 
processing,  an  SPE  achieves  significant  per¬ 
formance  gains  compared  with  traditional 
processing  approaches. 

Second,  an  SPE  adopts  a  single-process 
model,  in  which  all  time-critical  operations 
(including  event  processing,  storage  and 
execution  of  custom  application  logic)  are 
run  as  part  of  one  multi-threaded  process. 
This  integrated  approach  eliminates  high- 
overhead  process  switches  present  in  solu¬ 
tions  that  use  multiple  software  systems  to 
provide  the  same  capabilities. 

Third,  an  SPE  provides  a  flexible,  in¬ 


process  storage  model  and  standards- 
based  access  to  external  databases.  In- 
memory  hash  tables  are  used  for  very  fast 
insert  and  look-up  operations.  Embedded 
databases  are  used  to  ensure  persistence 
of  data  and  can  be  accessed  and  manipu¬ 
lated  using  SQL-style  declarative  queries. 
External,  remote-process  databases  are 
accessible  through  standard  Open 
Database  Connectivity  calls  and  are  conve¬ 
nient  to  use  when  supporting  legacy  data¬ 
bases  or  facilitating  database  sharing  with 
external  applications. 

An  SPE  has  built-in  filtering,  aggregating 


and  correlating,  and  merging  operators 
that  manipulate  windows  of  events. 
Standard  SQL  is  defined  over  finite-sized 
tables,  and  an  execution  engine  thereby 
knows  when  it  is  finished  with  all  its  opera¬ 
tions.  In  contrast,  streams  potentially  never 
end,  and  an  SPE  must  be  instructed  when 
to  finish  processing  and  output  an  answer. 

The  windowing  construct  serves  this  pur¬ 
pose  by  defining  the  scope  of  an  operator. 
In  a  trading  application,  a  one-hour  win¬ 
dow  can  be  used  to  express  a  stream-ori¬ 
ented  query  that  calculates  an  hourly  vol¬ 
ume-weighted  average  price.  Windows  are 
user-configurable  and  can  be  defined  over 
time,  number  of  events  or  breakpoints  in 
other  attributes  of  an  event. 

Stream-oriented  operators  provide  resili¬ 
ency  to  imperfections  in  datastreams, 
caused  by  out-of-order  or  delayed  data 
arrivals,  both  of  which  occur  frequently  in 
real-world  scenarios.  Resiliency  is  achieved 
by  making  operators  time-sensitive: 
Optionally  an  operator  can  be  told  to  wait 
a  longer  period  of  time  for  out-of-order 
messages,  or  timeout  and  stop  waiting  for 
late  messages  that  might  never  arrive. 

Finally  an  SPE  supports  distributed  opera¬ 
tion  for  improved  scalability  and  availability 
Incremental  scalability  is  achieved  by 
letting  processing  be  partitioned  and  dis¬ 
tributed  across  multiple  machines  transpar¬ 
ently  without  necessitating  any  changes  in 
the  application. High  availability  is  crucial  to 
preserve  the  integrity  of  applications  and  to 
avoid  disruptions  in  real-time  processing. 

Cetintemel  is  a  senior  architect  at 
StreamBase  Systems  and  an  assistant  pro¬ 
fessor  of  computer  science  at  Brown 
University.  He  can  be  reached  at  ugur@ 
cs.brown.edu. 


Ask 

Dr.  Internet 

Can  you  recommend  an  open  source  Java  Secure 
Shell  library  that  provides  Secure  FTP  services  in 
a  Java  client  application? 

Yes  —  Jsch  from  www.jcraft.com  is  a  pure  Java 
implementation  of  SSH2  that  offers  a  complete 
set  of  SSH,  Service  Control  Point  (SCP)  and  SFTP 
capabilities.  Jsch  is  distributed  in  source  form, 
and  requires  the  companion  package  Jzlib,  also 
available  from  www.jcraft.com.  Build  scripts  for 

Windows  and  Unix  are  included  to  compile  the 
jsch.jar  library.  Jsch  uses  a  bundled  copy  of  Ant 
for  the  build,  so  you  could  run  into  build  errors  if 
you  already  have  Ant  installed  on  your  system. 
Temporarily  removing  that  copy  of  Ant  from  the 
system  path  environment  variable  should  solve 
any  conflicts.  Several  example  programs  show 
how  to  use  the  library  to  establish  SSH  terminal 
sessions,  copy  files  to  and  from  remote  servers 
with  SCP,  and  establish  interactive  SFTP  sessions 

with  remote  servers.  Also  included  are  Java  tools 
to  generate  authentication  keys  needed  to  estab¬ 
lish  SSH  connections  with  remote  servers.  While 
terminal  emulation  for  interactive  shell  sessions  is 
weak,  the  SFTP  interface  is  robust  and  easily 
included  in  your  Java  clients. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.internet@ 
changeatwork.  com. 

In  July  of  2002,  SCU  made  the  move  to 
PeopleSoft  8,  the  Web-enabled  version  of  the 
popular  application  suite.  The  school  uses 
PeopleSoft  to  support  human  resources,  financial 
and  student  administration  applications,  including 
admissions,  financial  aid  and  course  registration 
programs,  says  Ron  Danielson,  chief  information 
officer  for  SCU,  an  8,000-student  university  in 
Santa  Clara,  Calif. 

“As  much  as  we  possibly  can,  it’s  our  intention 
to  push  access  to  administrative  information  out 
to  students,  faculty  and  staff,”  Danielson  says.  With 
the  previous  version  of  PeopleSoft,  that  was  a  chal¬ 
lenge  because  it  required  client  software  on  each 
user’s  desktop.  “With  the  Web  front  end,  anybody 
with  a  browser  can  come  in  and  get  access.” 

Access  they  did,  so  much  so  that  the  university’s 
application  servers  were  overloaded  and  perform¬ 
ance  was  much  slower  than  with  the  previous 
version.  “We  were  one  of  the  first  half-dozen 


universities  in  the  country  to  upgrade  to 
PeopleSoft’s  new  Web-based  product,  and  we 
thought  we’d  spec’d  out  our  network  and  equip¬ 
ment  adequately  to  meet  our  performance 
needs,”  he  says.  “But  we  weren’t  even  close.” 


SCU’S  REDLINE  BENEFITS 
AT  A  GLANCE: 


■  Bandwidth  reduction:  E|X  3250  reduces 
bandwidth  requirements  by  up  to  10M  bit/sec, 
saving  SCU  at  least  $48,000  per  year. 

■  Increases  server  capacity:  Offloads  connection 
management,  1/0  and  SSL  processing, 
essentially  cutting  server  loads  in  half. 

■  Reduces  number  of  network  components: 
Reduces  the  amount  of  data  traffic,  enabling 
network  components  such  as  firewalls  to 
handle  more  load. 


THE  IDEA 


was  to  provide  more  widespread  access  to  business-critical 
enterprise  applications  without  increasing  the  administrative 
burden  on  the  IT  department.  Before  that  goal  would  be  realized,  however, 
Santa  Clara  University  (SCU)  got  a  lesson  in  what  ca  n  go  wrong  with 
Web-based  applications  and,  more  importantly,  how  to  remedy  the  problems. 


LESS  BANDWIDTH, 

MORE  PERFORMANCE 

In  November,  SCU  installed  one  of  Redline’s 
E  |  X  3250  appliances  and  saw  an  immediate. 


IN  SEARCH  OF  A  FIX 

Initially,  Danielson  and  his  staff  tried  throwing 
more  hardware  and  software  at  the  problem.  To  an 
initial  configuration  of  one  Web  server  and  one 
application  server,  they  added  three  more  Web 
servers  and  one  new  application  server.  They  also 
brought  in  performance  management  and  soft¬ 
ware  tuning  tools,  and  changed  some  PeopleSoft 
parameters  related  to  processing  input  from  users. 

“This  brought  performance  to  an  ‘acceptable’ 
level,”  Danielson  says.  “But  now  we  had  six  servers 
instead  of  two,  and  we  were  still  spending  a  lot 
more  time  on  the  problem  than  we  would  have 
liked.” 

In  the  fall  of  2002,  the  university  learned  about 
Redline  Networks  of  Campbell,  Calif  Redline 
makes  a  family  of  appliances  designed  to  improve 
Web-based  application  performance  by  offloading 
from  the  server  I/O  processing  and  connection 
management  chores,  while  compressing  content 
to  conserve  bandwidth.  The  appliances  also  handle 
Secure  Sockets  Layer  (SSL)  processing,  thus 
serving  to  improve  security. 
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dramatic  improvement.  Bandwidth  usage  associated 
with  the  PeopleSoft  applications  plummeted  by 
70%,  thanks  to  the  compression  features  inherent  in 
the  E  |  X  3250.  At  the  same  time,  because 
the  E  |  X  3250  handled  connection  management 
chores  and  I/O  processing,  server  capacity 
effectively  doubled. 

The  magnitude  of  server  capacity  and  per¬ 
formance  improvements  hit  home  when  one  of 
the  university’s  servers  went  down  for  more  than 
a  week.  “We  didn’t  even  notice  a  change  in  per¬ 
formance,”  Danielson  says.  “That  tells  us  how 
much  headroom  the  Redline  box  has  given  us 
with  our  PeopleSoft  applications.” 

Like  the  rest  of  Redline’s  enterprise  applica¬ 


tion  processors,  the  E  |  X  3250  sits  in  front  of 
servers  and  receives  requests  from  hundreds  or 
thousands  of  client  browsers.  It  processes  the 
thousands  of  relatively  slow  requests  as  they 
come  in  from  users  and  shuttles  them  to  the 
appropriate  servers  at  high  speed  over  just  a  few 
dozen  persistent  TCP  connections. 

“As  far  as  the  Web  servers  are  concerned, 
they  have  a  single  connection,  which  is  to  the 
Redline  box,”  Danielson  says.  The  servers  no 
longer  have  to  perform  complex  scheduling  of 
requests  arriving  randomly  over  a  large  num¬ 
ber  of  connections.  Instead,  they  service  each 
response  as  it  arrives  and  send  information 
back  to  the  enterprise  application  processor, 
which  delivers  pages  to  the  client  browser  at 
whatever  speed  the  browser  can  efficiently 
handle. 

The  E  |  X  3250  worked  so  well  for  SCU’s 
PeopleSoft  implementation  that  the  university 
soon  installed  an  additional  unit  to  improve  the 
performance  of  Novell  GroupWise  servers  that 
provide  Web-based  e-mail  access.  Here  the  E  |  X 
3250  sits  in  front  of  four  servers,  performing 
load  balancing,  connection  management  and 
compression.  For  its  GroupWise  application,  the 
university  also  takes  advantage  of  the  E  |  X  3250’s 
SSL  offload  capability,  which  obviates  the  need 
for  the  servers  to  maintain  large  amounts  of  user 


data,  including  client  certificate  infor¬ 
mation.  It  also  ensures  that  end  users 
have  no  direct  access  to  the  application 
servers  and  the  often-sensitive  infor¬ 
mation  they  contain. 

Results  from  the  GroupWise  imple¬ 
mentation  have  been  similar  to  those 
for  PeopleSoft:  bandwidth  consump¬ 
tion  on  the  university’s  WAN  links  has 
been  cut  in  half  and  response  time  has 
improved. 

SAVINGS,  SAVINGS, 
SAVINGS 

The  bottom  line,  Danielson  says,  is 
that  the  Redline  appliances  enable 
SCU  to  realize  savings  in  three  areas: 
bandwidth  reduction,  increased  server 
capacity  and  extended  life  cycle  of 
other  network  components. 
Bandwidth  savings  come  from  the 
compression  features  of  the  appliance,  which  are 
browser-aware  to  adaptively  compress  content 
for  each  requesting  user  and  never  require  spe¬ 
cialized  client  software.  The  features  save  6M  to 
10M  bit/sec  of  bandwidth,  which  Danielson  says 
would  cost  the  university  an  additional  $4,000 
to  $5,000  per  month. 

In  terms  of  server  capacity,  Danielson  figures 
he  could  remove  two  of  the  four  servers  sup¬ 
porting  his  PeopleSoft  implementation  without 
suffering  a  performance  hit,  although  he  has 
opted  to  leave  the  installation  as-is  to  allow  for 
anticipated  growth  in  the  number  of  applica¬ 
tions  and  users.  Similarly,  on  the  e-mail  side, 
“We  probably  won’t  have  to  grow  that  server 
farm  dramatically  to  handle  additional  load,”  he 
says. 

Just  as  the  Redline  appliances  enable  him  to 
get  more  life  out  of  his  servers,  they  do  the  same 
for  network  components  such  as  firewalls. 
“With  the  Redline  box  reducing  bandwidth 
usage,  there’s  less  for  the  firewalls  to  examine,”  so 
a  single  firewall  can  effectively  handle  more 
load. 

In  coming  months,  SCU  will  be  adding  to  its 
Redline  implementation  another  server  group 
that  supports  university  financial  applications. 

To  sum  up,  Danielson  says,  “This  box  delivers 
on  all  its  claims.” 
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We  recently  ran  several  columns 
about  a  network  back-up  appli¬ 
ance  called  the  Intradyn 
RocketVault,  (the  last  was  www.network- 
world.com,  DocFinder:  6938),  and  we  con¬ 
cluded  by  saying  we  really  liked  the  prod¬ 
uct  even  though  it  “has  a  few  rough  edges.” 

We  criticized  the  setup  process  and  the 
documentation  and  mentioned  Intradyn’s 
claim  that  the  RocketVault  is  usually  “set 
up  by  a  dealer  so  the  majority  of  users 
never  will  have  to  wrestle  with  these 
issues.” 

But  our  biggest  complaint  was  reserved 
for  RocketVault’s  e-mail  reports:  “The 
reports  are  gobbledygook  —  unremitting¬ 
ly  techie  and  full  of  extraneous  detail  that 
make  them  look  more  like  debug  traces 
designed  by  a  committee  of  engineers 
who  obviously  had  never  met  a  live  end 
user’’ 

Since  we  wrapped  up  the  review  the 
RocketVault  has  been  sitting  in  the  secret 
underground  Gearhead  test  bunker  doing 


A  revised  review,  the  aftermath  of  real  life 


its  thing,  and  we’ve  got  a  better  apprecia¬ 
tion  for  what  this  device  really  is  and  does. 

One  of  the  first  things  we  discovered 
about  the  system  actually  had  nothing  to 
do  with  the  RocketVault.  Our  hosting  pro¬ 
vider,  Easycgi.com,  dropped  us  a  note  to 
say  that  we  were  violating  the  terms  and 
conditions  of  its  service. 

Of  course,  we  had  just  glanced  at  the  fine 
print  in  the  company’s  Terms  and  Condi¬ 
tions  so  we  missed  the  bit  that  says,  “Web 
space  is  not  to  be  used  as  an  image, sound, 
or  file  library  repository,  or  any  other 
backup  or  storage  solution.” 

As  we  had  tested  the  RocketVault’s  ability 
to  store  backups  on  a  remote  FTP  site 
using  our  Easycgi  account,  we  had  unwit¬ 
tingly  run  afoul  of  the  agreement.  Given 
that  Easycgi  charges  for  disk  space  and 
traffic,  it  seems  odd  that  such  restrictions, 
particularly  specific  to  “backup  and  stor¬ 
age  solutions,”  would  be  placed  on  hosting 
accounts.  Oh  well,  there’s  no  accounting 
for  business  decisions. 

Anyway,  it  might  be  a  clue  to  the 
Intradyn’s  engineering  philosophy  that 
when  we  selected  RAID  Status  from  the 
management  interface  (something  we 
hadn’t  done  before,  as  our  machine  does¬ 
n’t  have  RAID)  we  got  a  message  that  read, 
“Why  are  u  [sic]  here  . . .  you  have  no  raid 


controller’’We  don’t  think  we  need  to  com¬ 
ment  on  this  any  further. 

After  using  the  RocketVault  for  a  while  we 
realized  that  unless  the  dealer  that  installs 
the  product  also  is  managing  it,  the  end 
user  is  up  a  certain  creek  without  a  paddle. 
Consider  this  e-mail  report  for  a  new 
exception  condition:  “FAILURE  AND 
STRANGE  DUMP  SUMMARY: . . . 

localhost.  //PEPPER/MUSICLIBRARY  lev 
0  FAILED  [disk  //PEPPER/MUSICLIBRARY 
all  estimate  failed].” 

In  an  attempt  to  decode  this  we  wrote  to 
Intradyn  asking  what  it  all  meant. 

A  week  later,  while  still  waiting  for  a 
response  from  Intradyn,  the  messages 
changed  to  include  “out  of  tape”  (of  course, 
there  is  no  tape,  this  is  a  disk-based  sys¬ 
tem), “dump  to  tape  failed”  (well,  it  would), 
and  “no  more  holding  disk  space.” 

Ah.  Now  we  get  it.  But  we  still  haven’t  had 
an  answer  from  Intradyn. 

It  turns  out  that  the  core  software 
RocketVault  uses  is  an  open  source  project 
called  Amanda,  which  stands  for  the  Ad¬ 
vanced  Maryland  Automatic  Network  Disk 
Archiver  (wwwamanda.org). 

Moreover,  all  the  status  messages  (for 
example,  the  reports  of  “strange”  events) 
that  are  e-mailed  to  users  are  more  or  less 
the  original  output  of  the  Amanda  soft¬ 


ware.  In  other  words,  Intradyn  hasn’t  done 
a  whole  lot  of  work  to  front-end  what  is  a 
complex,  technical,  back-up  solution.  Even 
more  problematic  is  the  lack  of  documen¬ 
tation  to  help  resellers  and  end  users 
understand  the  nature  of  these  error 
reports. 

This  raises  some  interesting  questions 
about  the  product’s  true  value.  While 
there’s  no  doubt  that  delivering  the 
RocketVault  system  (hardware,  software 
and  packaging)  at  the  product’s  price  was 
quite  an  engineering  feat,  we  have  to  won¬ 
der  whether  the  system  provides  as  many 
new  problems  as  it  solves. 

But  if  you  want  a  really  big  concern  just 
consider  that  if  journalists  who  actually 
like  the  product  can’t  get  a  response  re¬ 
garding  a  technical  issue,  what  chance  do 
resellers  or,  worse  still,  end  users  stand  in 
resolving  their  problems? 

We  still  like  the  idea  of  the  RocketVault, 
but  until  Intradyn  makes  the  product  easi¬ 
er  to  use  and  improves  support,  we  will 
downgrade  our  review’s  conclusion  from 
positive  to  neutral. 

Your  productive  thoughts  to  gearhead 
@gibbs.com  and  Gearblog  ( www.nwfu 
sion.com/weblogs/gearblog/)  is  waiting 
for  your  delectation. 


CoolTools 

Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Create  DVDs  without  a  computer 

Part  of  the  problem  with  taking  home  videos  and  putting 
them  on  DVD  has  been  the  conversion  process  and  the 
use  of  a  PC  as  the  middleman.  Sony  last  week  got  rid  of  the 
middleman  with  its  DVDirect  recorder,  which  lets  users 
convert  video  footage  from  a  digital  camcorder  in  real 
time  to  a  DVD  without  going  through  a  PC.  The  recorder 
(model  VRD-VC20)  is  scheduled  to  be  available  later  this 
month  for  $300,  with  pre-orders  at  www.sonystyle.com. 

In  addition  to  connecting  to  a  digital 
camcorder,  the  device  connects  to 
analog  camcorders,  VCRs  and  other 
video  sources.The  system  also  can 
be  attached  to  a  PC  for 
more-advanced 
DVD  burning 
projects,  Sony 
says.The  model 
includes  a  digi¬ 
tal  video  input 
(Sony’s  i.LINK 
IEEE  1394  port); 
stand-alone  record¬ 
ing  support  for  DVD-R 
and  DVD-RW  discs; 
and  DVD+R,  DVD+R 
double  layer  (DL) 


What’s  missing  in  this  picture?  With 
Sony's  new  DVDirect  recorder  you 
can  transfer  camcorder  footage 
directly  to  DVD.  No  PC  needed. 


and  DVD+RW  discs. 

When  connected  without  a  PC,  the  recorder  still  can  ere 
ate  a  DVD  menu  and  automatically  or  manually  generate 
titles  and  chapters  on  a  disc, Sony  says.The  system  can  bum 
up  to  12  hours  of  MPEG-2  video  onto  compatible  DVD+R 
DL  discs,  or  up  to  six  hours  onto  a  standard  singlelayer  disc. 

When  connected  to  a  PC  via  USB  2  ports,  users  can  add 
graphics  and  music  to  the  videos.  When 
connected  to  a  PC,  the  system  can  burn 
DVD-R  and  DVD+R  discs  at  16x  speed, 
about  6  minutes  of  recording  time. 

Sony  says  it  also  supports  8x 
DVD+R,  6x  DVD-RW  48x  CD-R  and 
24x  CD-RW  recording  speeds.  The 
system  will  come  with  a  Nero  soft¬ 
ware  suite,  which  includes  DVD 
video  authoring,  DVD/CD  burning 
and  data  writing  features.  The  software  also  comes  with  a 
DVD  player  software  application,  back-up  software,  virtual 
disk  drive  software,  jukebox,  disc  labeler  and  drive  utilities. 

Axis  adds  WPA2  support  for  wireless  print  server 

Axis  Communications  last  week  announced  an  802.1  lg 
wireless  LAN  print  server  that  can  work  with  Wi-Fi 
Protected  Access  2  (WPA2)  networks. 

The  Axis  OfficeBasic  USB 
Wireless  G  Print  Server  ($140)  is  ^ 
geared  for  small  businesses  and 
home  offices,  and  offers  an 
encrypted  installation  process 
similar  to  secure  Web  transmis¬ 
sions  used  in  Internet  banking. 

The  device  lets  computers  wirelessly 
connect  to  a  USB-enabled  printer.  This 
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Who  needs  wires?  The  Axis  wireless  print  server  works  with 
802.11b  or  g  networks. 


reduces  cabling  costs  and  gives  businesses  flexibility  in 
positioning  printers  and  computers.The  print  server  works 
on  802.1  lb  or  g  networks,  and  supports  WPA  and  Wired 
Equivalent  Privacy  security.  More  information  is  available  at 
the  Axis  Web  site. 

Epson  projector  aims  at  all-in-one  usage 

Epson  last  week  launched  its  FbwerLite  S3,  a  $900  LCD 
projector  aimed  at  office,  school  and 
home  users.  The  5.6-pound  device 
offers  1,600  lumens  of  brightness 
and  SVGA  (800-by-600-pixel) 

Epson’s  new  projector  claims  to 
be  easy  on  the  eyes. 


native  resolution,  and  includes  Epson’s  3LCD  technology  a 
three-chip  design  “that  projects  continuous  color  and 
bright  natural  images  that  are  easy  on  viewers’  eyes,”  the 
company  says. 

Features  include  a  135-watt  lamp  that  lasts  for  up  to  3,000 
hours  (replaceable  for  $200),  28-decibel  operating  noise 
and  30-degree  keystone  correction. The  projector  can  show 
a  60-inch  image  from  a  distance  of  only  5.9  feet,  and 
includes  a  software-based  security  feature  that  helps  pre¬ 
vent  theft  and  unauthorized  use. 

Special  features  include  a  verification  tone  that 
lets  users  know  immediately  that  the  power  is 
on,  with  a  Ssecond  boot  cycle;  the  ability  to 
display  a  signal  immediately  once  a  cable 
j  from  a  computer  or  video  source  is 
attached;  and  an  “Instant  Off”  function  that 
lets  users  power  down  and  unplug  the  pro¬ 
jector  immediately  without  having  to  wait  for  a 
cool-down  cycle. 

Shaw  can  be  reached  at  kshaw@nww.com. 


“Canob  am  sets  up 

at  a  moments  notice 

.  .  "■  .....  ....  _.  . 

for  connectivity  on  the  fly. 

Bob  Shiafto,  Senior  Communications  Manager 
International  Speedway  Corporation 


AutoTracking  E  uilt-in  to  All  Models 
GigE  Speed  and  Affordability 
Connects  With  More  Users. 


EbCanobeam  stayedl 
‘on  the’a i r^th roughout 
the  (Florida)  storms.” 

Tom  Bennett.  Technical  Co-Principal, 
Omnispring 


“Canobeam  is  doing 
exactly  hat  they  said  it 
would  on  an  optimal  level. 

.  ^p|.  John  Kratochvil,  Director  of  IT 
Edmonton  Economic  Development  Corporation 


►  Data  speeds  from  ►  Data  speeds  from  ►  Data  speed  at  1.25Gbps 
25Mbps  to  156Mbps  25Mbps  to  156Mbps  for  Gigabit  Ethernet 

►  Data  transmission  ►  Data  transmiss  on  ►  Data  transmission 
from  20m  to  500m  from  100m  to  2km  from  100m  to  1000m 


More  and  more  users  are  discovering  the  benefits  of 
Canobeam  FSO  wireless  transmission  for  primary  or 
redundant  applications.  They  include  a  broad  base  of 
users  from  commercial  Internet  providers  maintaining 
the  integrity  of  their  networks,  to  office  campuses 
where  installing  fiber  between  buildings  is  cost- 


prohibitive,  to  race  tracks  where  fast  data  access 
needs  can’t  be  met  with  traditional  fiber  installations. 
In  those  applications  and  many  more,  Canobeam 
DT-100  Series  units  feature  the  speed,  dependability 
and  AutoTracking  requirements  that  provide  the 
perfect  solution  for  more  and  more  users. 


See  us  at  Networld  +  Interop  Booth  #749 


Find  out  more  at  canobeam.com 
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OM  TECHNOLOGY 

Adam  Gaffin 

Same  content 
different  Web 
address 


After  nine  and  a  half  years  online,  it’s  time  to  say  good¬ 
bye  to  Network  World  Fusion.  But  don’t  worry  we’re 
not  abandoning  the  Web.  in  fact,  today  we  launch  a 
completely  revamped  Web  site  —  as  NetworkWorld.com. 

Why  the  name  change?  “Network  World”  is  the  name 
you  know  and  trust. We  kept  noticing  that  people  looking 
for  our  stories  and  other  resources  would  often  wind  up 
at  networkworld.com  (formerly  our  corporate  site)  — 
where  they’d  then  have  to  follow  a  link  to  Network  World 
Fusion.  So  we’re  going  with  the  strong  brand  and  eliminat¬ 
ing  the  confusion.  But  don’t  worry  about  your  bookmarks 
or  links.  We’ve  made  sure  the  old  nwfusion.com  URLs 
will  still  work  —  you’ll  just  be  redirected  to  the  network- 
world.com  versions. 

There’s  a  lot  more  to  the  site  than  just  a  new  logo.  We’ve 
tried  to  come  up  with  ways  to  make  it  as  easy  as  possible 
for  you  to  find  the  information  you  need  to  more  effec¬ 
tively  run  your  network  —  such  as  tests  and  buyer’s 
guides,  daily  news  and  collections  of  useful  stories  from 
the  print  issue. 

For  example,  we’ve  moved  links  related  to  stories  from 
the  very  bottom  to  the  top  right  corner  of  the  stories, 
which  makes  them  easier  to  find  and  gets  you  more 
quickly  to  other  relevant  resources. 

We’ve  reorganized  our  technology-specific  Research 
Centers  to  align  them  better  with  enterprise  networking 
today.  We’ve  added  a  Servers/Desktop  resource  center, 
where  you’ll  find  the  latest  server,  data  center  and  desk¬ 
top/laptop  news  and  resources.  All  of  the  centers  now  have 
additional  subtopics  that  let  you  drill  down  even  further 
(via  new,easier-to-find  tabs  at  the  tops  of  each  page). 

For  example,  under  Wireless/Mobile,  you’ll  find  Wireless 
LANs,  Wireless  Services,  Wireless  Security  and  Handhelds. 
Each  Research  Center  also  has  its  own  topic-specific 
search  box,  so  you  can  get  to  the  information  you  need 
quickly  Each  of  our  Research  Centers  now  also  has  a 
topic-specific  Vendor  Solutions  link,  bringing  you  to  the 
relevant  white  papers  and  other  resources  from  our 
advertising  partners. 

Equally  important  is  what’s  happening  behind  the 
scenes.  We’re  training  our  news  editors  in  our  content 
management  system, so  they’ll  be  able  to  play  a  more 
direct  role  in  finding  and  organizing  resources  you’ll  want 
to  know  about. With  the  redesign  done,  we’ll  now  focus 
on  improving  our  forums  and  Weblogs. 

So  take  a  look  around.  Let  us  know  what  you  like  — 
and  as  important,  what  you  don’t.Take  our  redesign 
survey  (www.networkworld.com,  DocFinder:  6940)  or 
drop  me  a  line. 


—  Adam  Gaffin 
Executive  editor,  online 
agaffin@nww.  com 


Sounding  off  on  spyware 

Regarding  the  story  “Spyware  flap  looks  headed  for 
court”  (www.networkworld.com,  DocFinder:  6925) :  If 
Todd  Sawicki  of  the  adware  firm  180solutions  is  so 
committed  to  his“belief  that  the  person  has  the  right 
to  choose  what’s  on  the  machine,”  I  have  a  simple 
solution  to  prevent  his  software  from  being  removed 
by  anti-spyware  programs.  Lobby  Congress  to  pass  a 
law  that  anti-spyware  programs  cannot  remove  any 
software  that  displays  the  following  disclaimer,  in 
bold,  20-point  type,  before  installation:  “By  installing 
this  software,  you  agree  that  your  activities  on  the 
Web  will  be  tracked,  and  we  have  permission  to  dis¬ 
play  advertising  relevant  to  your  Web  surfing  habits.” 
Then  we  truly  will  see  which  consumers  choose  to 
install  his  software. 

Paul  Lourd 
Greenwich,  Conn. 

If  adware  companies  can  threaten  legal  action  to  try 
to  pressure  software  vendors  to  remove  the  adware 
from  detection  databases,  then  it  seems  consumers 
like  myself  need  to  take  the  next  step:  Take  adware 
vendors  to  court  for  their  intrusion  into  our  business 
and  private  computing  systems.  After  all,  the  door 
swings  both  ways. 

William  Butler 
IT  staff,  technology  department 
Gilmer  Independent  School  District 
Gilmer, Texas 

I  can’t  help  but  laugh  at  the  adware  companies  cry¬ 
ing  foul,  especially  since  the  one  most  quoted  in 
your  story  (180solutions)  managed  to  infest  a  com¬ 
puter  of  mine  so  thoroughly  that  only  a  complete  re¬ 
done  managed  to  get  rid  of  it.  If  the  anti-spyware 
companies  want  to  avoid  litigation,  can’t  they  just 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01 772. 
Please  include  phone  number  and  address  for  verification. 


www.networkworld.com 


opinions! 


have  an  extra  tab  or  function  to  dean  up  adware?  If 
that’s  what  these  companies  want  to  be  called,  fine. 
Still,  give  me  the  option  to  clean  all  their  bandwidth- 
and  resource-choking  garbage  off  my  system. 

Dustin  Kreidler 
Assistant  network  administrator 
Regis  High  School 
New  York 

Adware  vendors  are  prima  facie  felons.  They  create 
software  designed  to  enter  my  business  or  domicile 
without  permission,  implant  surveillance  devices 
(tracking  cookies),  steal  things  of  value  to  me  (per¬ 
sonal  information,  contents  of  my  address  book), 
commit  theft  of  services  (the  clock  cycles  required 
to  run  their  software),  commit  false  imprisonment 
by  browser  hijacking,  commit  theft  of  services  by 
causing  my  computer  to  go  to  their  sites  and  the 
sites  of  their  co-conspirators  and  deliver  unwanted 
advertising.  They  cause  users  to  spend  valuable 
resources  hiring  people  like  me  to  install  anti-spy¬ 
ware  and  anti-adware  programs  so  they  can  recover 
the  functional  use  of  their  computers.  And  yet  they 
have  the  gall  to  send  cease  and  desist  letters  to  com¬ 
panies  like  Computer  Associates  that  produce  soft¬ 
ware  that  allows  us  to  remove  their  software  from 
computers  and  keep  it  off. 

If  what  these  companies  do  via  software  were 
done  by  a  human  being,  that  person  would  be 
spending  time  in  the  Federal  Correctional  Facility  at 
Fort  Leavenworth,  Kan.  That  person  would  have  to 
trespass  to  get  on  my  property  would  be  committing 
burglary  or  robbery  to  enter  the  house  and  steal  the 
same  information  that  adware  vendors  steal  and 
would  be  breaking  and  entering  to  implant  the  sur¬ 
veillance  devices.  What  makes  adware  vendors  think 
they’re  any  different? 

Richard  Radcliffe 
Owner 
Kondor  Waffenamt 
Apple  Valley  Calif. 


More  online! 


www.networkworld.com 


Rnd  out  what  readers  are  saying  about  these  and  other  topics. 

DocFinder:  6924 


NetworkWoridfll 


www.networkworld.com 


5/2/05 


CYBERSPACES 

Daniel  Blum 


ood  information  security  professionals 
don’t  need  a  regulation  to  tell  them  it’s 
important  to  protect  their  business.  But, 
overprotecting  the  business?  That’s  another 
matter. 

Section  404  of  the  Sarbanes-Oxley  Act’s 
(SOX  404)  focus  on  internal  control  has  been 
a  welcome  call  to  action  for  some;  others  say  it  goes  too  far.  A  variety  of 
companies  and  industry  associations  presented  the  Security  Exchange 
Commission  (SEC)  and  the  Public  Company  Accounting  Oversight 
Board  (PCAOB)  with  a  litany  of  complaints  and  suggestions  at  the 
SEC’s  public  roundtable  last  month. 

The  backlash  against  SOX404’s  high  documentation,  testing  and  audit 
costs  probably  will  lead  the  PCAOB  to  rein  in  overzealous  auditors.The 
SEC  also  might  provide  more  relief  for  small  companies,  which  already 
obtained  an  extension  of  their  compliance  deadline  to  July  2006. 

Beyond  such  changes,  few  would  advocate  throwing  the  baby  (SOX’s 
investor  protections)  out  with  the  bath  water  (excessive  SOX  404 
audits).  Besides,  SOX  404  compliance  brings  its  own  rewards  for  com¬ 
panies,  if  scoped  correctly 

PCAOB’s  current  guidelines  call  for  companies  to  develop  internal 
controls  based  on  risk  management  considerations  —  what  risks  to 
accept,  avoid  or  transfer  before  rushing  in  with  protective  measures. 
Moreover,  the  cost  of  protections  should  be  proportionate  to  the  con¬ 
sequences  they  prevent  or  other  benefits  they  bring  to  the  business.  If 
SOX  is  causing  your  company  to  increase  emphasis  on  risk  manage¬ 
ment,  that’s  a  good  thing  in  itself. 


Risk  mgmt.,  controls  key  to  SOX 


SOX  risk  management  runs  a  bit  sideways  to  traditional  risk  manage¬ 
ment,  which  focuses  on  preventing  major  losses.  SOX  doesn’t  care,  so  to 
speak,  whether  the  company  loses  money  as  long  as  it  accurately 
reports  on  losses.There fore,  SOX  remediation  should  pay  the  most  atten¬ 
tion  to  locations,  systems  and  applications  that  deal  directly  with  large 
amounts  of  financial  information.  Companies  should  make  sure  that 
auditors  do  the  same. 

Along  with  scoping,  companies  must  develop  a  control  framework 
for  SOX.  This  framework,  consisting  of  control  objectives  and  control 
activities,  should  be  based  on  the  nature  of  the  business  and  its  inform¬ 
ation  security  program.  It  should  contain  no  more  and  no  less  than  is 
required  to  protect  resources  in  scope  for  SOX  compliance. 

While  SOX  compliance  is  expensive,  much  of  the  effort  is  reusable. 
Every  company  should  be  doing  risk  management,  for  example.  Many 
control  activities  —  such  as  deploying  firewalls,  access  controls  and 
audit  logs  —  represent  best  practices  you  should  be  following  anyway. 

SOX  404  itself  is  unlikely  to  go  away.  Companies  should  treat  its 
mandate  as  an  opportunity  to  strengthen  risk  management,  informa¬ 
tion  security  and  compliance  to  a  growing  body  of  regulations  — 
not  just  SOX.  The  trick  is  to  document  control  frameworks  for  SOX 
and  any  other  regulations  in  such  a  way  as  to  limit  the  scope  of  SOX 
audits  but  reuse  appropriate  security  practices  and  control  activities 
across  the  business. 


The  backlash 
against  SOX 
404’s  high  docu¬ 
mentation,  test¬ 
ing  and  audit 
costs  probably 
will  lead  the 
PCAOB  to  rein 
in  overzealous 
auditors. 


Blum  is  senior  vice  president  and  research  director  with  Burton  Group, 
an  integrated  research,  consulting  and  advisory  service.  He  can  be 
reached  at  danjblum@yahoo.com. 


YANKEE  INGENUITY 

Howard  Anderson 

We’re  screwed. There’s  no  other  way  to 
put  it.  Who’s  “we?”The  network/data- 
com/telecom  industry.  And  why  are 
we  screwed?  Because  demand  is  dead. 
Kaput. Moribund.  Innovation  has  never  been 
better,  and  demand  has  never  been  worse. 
The  industry  owes  its  presence  to  venture 
capital.  But  venture  capital  returns  are  tanking  and  will  be  for  the  next 
five  years.  During  the  boom,  venture  capital  raised  $100  billion  per  year, 
which  financed  5,000  new  companies  each  year. Today  venture  capital 
is  financing  445  IT  security  companies  and  60  radio  frequency  identifi¬ 
cation  companies. There  are  three  times  as  many  venture  firms  and  10 
times  the  capital  of  just  10  years  ago.  Capital  is  not  the  problem;  demand 
is  and  will  continue  to  be. 

The  two  markets  that  we  could  always  count  on  —  telecom  carriers 
and  enterprise  network  users  —  are  sitting  on  their  hands  and  their 
pocketbooks.The  hype  machine  that  worked  so  well  for  so  long  is  bro¬ 
ken,  maybe  forever.  We  told  enterprise  network  users  that  information 
was  a  strategic  asset  and  the  CIOs  overbought;  we  told  the  world  that 
Y2K  would  kill  them  and  they  bought  even  more;  we  said  that  every 
existing  company  would  be’Amazoned”  into  oblivion  unless  they  got  a 
black  belt  in  spending  by  Webifying  their  applications  and  they  bought. 
Then  the  corporados  reined  in  their  spending  and  told  their  CIOs  they 
had  to  make  do  with  flat  budgets,  or  else. We  scared  the  telcos  into  over¬ 
buying  next-generation  technology  by  financing  the  competitive  local 
exchange  carriers,  and  then  the  few  telcos  left  standing  figured  out  that 
the  CLECs  weren’t  viable. The  CLECs  not  only  stopped  buying,  but  they 
also  shut  down.  Result?  The  telcos  stopped  buying,  too. 

OK, so  hype  is  dead.  Is  that  our  only  problem?  No.  Our  problem  is  that 
the  technology  stock  market  is  acting  rationally  That’s  a  problem?  You 
bet.  We  need  enough  irrational  valuation  so  that  new  companies  can 
sell  at  10  times  sales  or  get  merged  for  at  least  five  times  sales.  But  today, 
the  average  IPO  is  at  2.5  to  three  times  sales,  and  merger  prices  are  half 


Game  over:  Demand  is  dead 


that.  It  takes  $100  million  in  capital  to  build  a  carrier-class  equipment 
company  and  $30  million  in  capital  for  an  enterprise  software  com¬ 
pany  to  break  even.  If  the  payoff  is  only  three  to  five  times  the  invest¬ 
ment,  then  the  industry  is  screwed.  Why?  Because  only  10%  of  the  com¬ 
panies  get  that  far.  In  the  old  days,  you  could  go  to  Williams  Tele¬ 
communications  with  your  new  product.  Matt  Bross,  the  CTO,  would 
join  your  board, Williams  would  get  options  on  your  stock  and  you  were 
golden.  If  you  had  enterprise  software  or  hardware,  you  trundled  off  to 
Bear  Stearns,  where  Jeff  Marshall  would  validate  your  technology  and 
be  a  buyer,  go  on  your  advisory  board,  and  then  you  had  a  real  “refer- 
enceable”  customer,  which  would  put  your  company’s  value  in  the 
mega-millions,  if  not  low  billions. 

Today?  No  way  Can’t  happen. The  carriers  are  investing  next  to  noth¬ 
ing  in  their  wireline  operations  and  not  all  that  much  in  wireless. 
Enterprise  network  users  aren’t  buying  much  of  anything,  either.  Stock 
markets  are  acting  rationally  and  will  for  the  next  five  years. Companies 
still  standing  will  buy  up  good  technology  for  pennies  on  the  dollar 
and  the  industry  will  be  stagnant  for  the  next  five  years. We’ll  have  hun¬ 
dreds  of  companies  hanging  on,  running  out  of  money  and  hoping 
against  hope  that  demand  will  return,  valuations  will  go  stratospheric 
and  they  will  pass  from  the  nonviable  to  viable  stage.  Breaking  even  will 
be  the  goal,  not  world  domination. 

What  will  happen  to  all  the  investment  money  that’s  hanging  out 
there?  It  will  find  new  homes,  like  private  equity  which  does  leveraged 
buyouts  and  maybe  new  areas  of  investment  such  as  biotechnology 
international,  media  or  online  music.  But  investment  in  young  telecom 
and  enterprise  network  companies  is  going  to  be  hard  coming. 

Have  I  slipped  from  cautiously  skeptical  to  irrevocably  cynical? 
Maybe.  Do  I  hope  I  am  wrong?  Yes.  Am  I?  No. 


OK,  so  hype  is 
dead.  Is  that  our 
only  problem? 
No.  Our  problem 
is  that  the  tech¬ 
nology  stock 
market  is  acting 
rationally. 


Anderson  is  senior  managing  director  of  YankeeTek  Ventures,  a  Cam¬ 
bridge,  Mass.,  venture  capital  fund  for  eariy-stage  technology  companies. 
He  can  be  reached  at  handerson@yankeetek.com. 


Slabs  teams  dig  deep 

on  SIP  interoperability,  secure  access 
and  open  source  integration 


Like  they've  done  for  more  than  15 
years  now,  dozens  of  engineers  from 
all  walks  of  network  life  last  month 
gathered  in  a  dank  warehouse  in 
Belmont,  Calif.,  for  what  they  refer  to 
as  “summer  camp  for  geeks.” 

As  part  of  the  2005  Interop  InteropNet  Labs  (iLabs), 
these  engineers  tested  the  interoperability  of  hundreds 
of  commercial  and  open  source  products.  This  testing 
culminates  this  week  in  a  series  of  public  demonstra¬ 
tions  at  Interop.  But  the  testing  process  itself  provides 
a  window  into  how  these  products  adhere  to  standard 
protocols  and  the  hoops  you  might  need  to  jump 
through  to  get  them  working  on  your  own  network. 

As  the  media  sponsor  of  iLabs,  Network  World  gets 
exclusive  access  to  the  testing  results  from  the  iLabs 
hot  stage  event  that  took  place  in  early  April.  The  three 


focal  points  of  this  year's  iLabs 
endeavors  that  we  outline  in  our  cov¬ 
erage  are: 

•  Interoperability  of  Session  Initia¬ 
tion  Protocol  (SlP)-based  VoIP  wares. 

•  Secure  wired  and  wireless  LAN 
access  based  on  a  wide  array  of  security  protocols. 

•  Open  source  operating  systems  and  applications 
integration  with  current  Windows  environments. 

We've  placed  Network  World  Lab  Alliance 
partners  Joel  Snyder  on  the  SIP  team  and  Rodney 
Thayer  on  the  Full  Spectrum  Security  team  to  provide 
a  closer  look  at  the  state  of  those  two  technology  areas. 
Additionally,  Network  World  Executive  Editor  of  Testing 
Christine  Burns  worked  with  the  open  source  team  to 
publish  their  initial  findings  (www.networkworld.com, 
DocFinder:  6931). 


Advanced  SIP  interoperability  is  slow  in  the  making 


■  BY  JOEL  SNYDER,  NETWORK  WORLD  LAB 
ALLIANCE 

A  team  of  20  iLabs  engineers  spent  eight  days 
running  more  than  1,100  SIP  interopera¬ 
bility  tests,  and  the  conclusion  is  that  having 
multi-vendor  VoIP  devices  work  together  is 
by  no  means  a  given. 

Last  year,  the  VoIP  using  SIP  iLabs  team  saw  a  high 
degree  of  basic  interoperability  between  different 
SIP  phones  and  proxies  (DocFinder. 6921). When  we 
expanded  the  testing  this  year  to  include  enterprise 
VoIP  features,  standard  security  parameters  and 
video  (see  sidebar,  page  56),  we  encountered  signif¬ 
icant  failure  rates.  Out  of  1,113  interoperability  tests 
18%  were  outright  failures. 

All  told,  we  tested  75  products  from  25  vendors, 
including  IP  hard  and  softphones, videophones, SIP 
proxies,  firewalls,  and  wired  and  wireless  switches. 
Our  test  of  enterprise  features  (see  How  we  did  it 
and  Test  plan  stories  at  DocFinders:  6922  and  6923) 
focused  on  those  required  for  large-scale  VoIP  de¬ 
ployments  including  call  forwarding,  call  waiting, 
message  waiting  indicator,  blind  and  attended  call 
transfer,  hold/resume  with  music,  and  dual-tone 


multifrequency  testing. We  chose  features  to  test  SIP 
interoperability  and  didn’t  look  at  features  that 
don’t  require  interoperability  such  as  last  number 
redial. 

We  ran  into  some  major  interoperability  prob¬ 
lems  early  on  in  the  testing.  For  example,  3Com’s 
655  Series  SIP  phones  proved  to  be  so  recalcitrant 
in  their  SIP  implementation  that  3Com  engineers 
pulled  them  from  the  test  bed. 

We  locked  up  one  of  Grandstream’s  ATA-Handy- 
Tone  486  devices,  and  iptel.org’s  SIP  Express  Router 
running  released  software  had  serious  problems 
completing  calls  properly  that  were  only  solved  by 
upgrading  the  box  to  an  unreleased  version  of  the 
software. 

While  it’s  important  to  note  that  we  had  failures 
across  the  board,  the  enterprise  feature  that  re¬ 
quires  the  most  SIP  interoperability  work  is  call 
transfer.  With  call  transfer,  among  the  phones  that 
supported  both  blind  and  attended  call  transfer, 
only  43%  passed  the  test.  Call  transfer  requires  that 
many  SIP  messages  get  passed  around  to  send  the 
call  between  phones  without  dropping  the  call  or 
the  audio.  In  the  case  of  an  attended  call  transfer 
across  a  single  SIP  proxy  there  is  a  minimum  of  46 


SIP  messages  that  must  align  for  the  transfer  to 
work  properly. 

Even  with  the  less-than-optimal  test  results  across 
all  features,  we  had  strangely  anomalous  behavior. 
For  example,  we  conducted  a  significant  amount  of 
the  testing  via  speakerphone.  However,  when  we  re¬ 
tested  a  Grandstream  phone  using  the  handset  in¬ 
stead  of  the  built-in  speakerphone,  it  failed  the 
same  test  it  had  previously  passed. 

Our  tests  show  that,  if  enterprise  features  are 
required,  picking  phones  and  gateways  from  dif¬ 
ferent  vendors  is  a  poor  choice  at  this  time.  For 
example,  we  had  difficulty  in  mixing  and  match¬ 
ing  a  Pingtel  SIPxchange  server  with  Zultys 
phones.  Both  were  completely  compliant  with  SIP 
standards,  but  Pingtel  required  a  registration  for¬ 
mat  that  the  Zultys  phone  couldn’t  be  configured 
to  send.  Instead,  network  managers  should  focus 
on  finding  a  single-vendor  SIP  proxy  server  and 
phone  combinations,  or  a  very  small  number  of 
very  well  tested  phone  vendors  that  have  a  com¬ 
mitment  to  interoperability 

The  SIP  standards  deal  with  very  low-level  opera¬ 
tions.  Because  features  such  as  “conference  calling” 

See  SIP,  page  54 


DB2.  ONLY  THE  PERFORMANCE  IS  HIGH. 

DB2  has  done  it  again.  According  to  a  Market  Magic  Study, 
DB2  costs  “on  average  22%  less  than  Oracle.”1 

The  Transaction  Processing  Performance  Council  results 
show  that  DB2  and  eServer™  p5-595  are  more  than  twice 
as  scalable  as  Oracle  Real  Application  Clusters,  making 
them  the  overwhelming  performance  and  scalability 
leader  forTPC-C.2  And  an  ITG  study  showed  overall  costs 
for  Oracle  Database  up  to  four  times  higher  than  DB2.3 

No  wonder  DB2  is  regarded  as  the  leading  database  built 
on  and  optimized  for  Linux!  UNIX*  and  Windows!  Like 
other  IBM  database  engine  products  such  as  Informix® 
and  Cloudscape!'  DB2  is  part  of  an  innovative  family  of 
information  management  products  that  integrates  and 
can  actually  add  insight  to  your  data. 


It  takes  full  advantage  of  your  existing  heterogeneous 
and  open  environments,  while  its  leading-edge 
autonomic  computing  technology  means  increased 
reliability,  increased  programmer  productivity  and 
decreased  deployment  and  management  costs. 

One  more  thing:  Oracle  desupported  Oracle  Database  8i 
last  year,  meaning  potential  headaches,  higher  cost  or 
a  complete  migration  to  current  versions  of  Oracle. 
Fortunately,  IBM  offers  ongoing,  around-the-clock  service 
and  support  for  DB2. 

Why  not  move  up  to  middleware  that  makes  sense?  Now  you 
can  get  IBM  DB2  Universal  Database  or  Informix  by  taking 
advantage  of  our  extremely  compelling  trade-up  program. 
Visit  ibm.com/db2/swap  today  to  find  out  if  you  qualify. 


DEMAND  BUSINESS 


IBM,  the  IBM  logo,  DB2,  eServer,  Informix,  Cloudscape  and  the  On  Demand  logo  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United 
States  and  other  countries.  Linux  is  a  registered  trademark  of  Linus  Torvalds.  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other 
countries.  UNIX  is  a  registered  trademark  of  The  Open  Group  in  the  United  States  and/or  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks 
of  others.  ©2005  IBM  Corporation.  All  rights  reserved.  ’“Database  Comparative  Cost  of  Ownership,''  January  2003.  Market  Magic  Ltd.  'All  referenced  results  are  current  as  of  12/14/04.  DB2 
UDB  v8.2  on  IBM  eServer  p5  595  (64-way  POWER5  1.9  GHz)  and  AIX  5.3L:  3,210.540  tpmC  @  $5.19/tpmC  available:  May  15,  2005,  vs.  Oracle  RAC  lOg  on  HP  Integrity  rx5670  Cluster  64P 
(16  x  4-way  Intel  Itanium2  6M  1.5GHz):  1.184,893  IpmC  @  $5.52/tpmC  available:  April  30.  2004;  TPC  Benchmark,  TPC-C,  tpmC  are  trademarks  of  the  Transaction  Processing  Performance 
Council.  For  further TPC-related  information,  please  see  http://www.tpc.org/.  ’“IBM  Solulions  for  PeopleSoft  Deployment  in  Mid-sized  Businesses  Quantifying  the  New  Cost/Benefit  Equation,’ 
July  2003.  International  Technology  Group,  Los  Altos,  California. 


SIP 
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and  “attended  call  forward”  are  built  by  the  phone 
vendors  on  top  of  the  basic  protocol,  there  are 
bound  to  be  disagreements  in  how  to  use  the  basic 
protocol  building  blocks  SIP  offers  to  create  these 
high-level  features.  Although  there  are  some  recent 
Internet  drafts  that  help  to  map  high-level  features  to 
SIP  primitives,  they  have  not  yet  been  confirmed  as 
standards. 

SIP  proxy  vendors  participating  in  this  test  say 
many  of  the  features  we  tested  eventually  will  be 
handled  by  the  SIP  proxies  rather  than  the 
phones.  This  was  evident  when  we  looked  at 
Asterisk  —  the  popular  open  source  PBX.  The 
Asterisk  code  plays  a  very  significant  role  in  its 
implementation  of  the  SIP  call  management  pro¬ 
tocol.  By  acting  as  a  “back-to-back”  user  agent, 
Asterisk  inserts  itself  in  the  middle  of  all  calls. 
Therefore,  interoperability  between  phones  is  not 
the  issue  because  each  phone  only  has  to  inter¬ 
operate  with  the  Asterisk  proxy 
Phones  attached  to  the  Asterisk  PBX  had  fewer 
failures  than  phones  attached  to  the  other  SIP 
proxies. 


SIP  security  success  -  or  lack  thereof 

The  primary  intent  of  our  SIP  security  testing  was 
to  find  interoperable  phone  and  SIP  proxy  imple¬ 
mentations  protecting  both  the  SIP  control  chan¬ 
nel, as  well  as  the  Real-time  Protocol  (RTP)  datas- 
tream.  Unfortunately  we  not  only  didn’t  get  to  test 
these  things  —  but  we  couldn’t  even  find  two 
phones  that  implemented  the  same  security  feature 
set. While  many  phones  had  individual  security  fea¬ 
tures,  such  as  RTP  datastream  encryption,  which 
worked  within  their  own  domains,  we  didn’t  find 
more  than  initial  hints  from  vendors  that  encryp¬ 
tion  (from  vendors  such  as  Zultys  and  Cisco)  was 
going  to  be  widely  available. 

We  also  found  that  some  vendors  aren’t  taking 
basic  requirements  such  as  authentication  very 
seriously  As  part  of  our  test,  we  asked  each  SIP 
proxy  vendor  to  hook  up  its  proxy  to  NuFone,  an 
Internet-based  public  switched  telephone  network 
provider,  using  SIPTo  handle  accounting,  NuFone 
uses  standards-based  SIP  authentication  before 
allowing  calls  through  its  network.  SIP  authentica¬ 
tion  is  a  very  simple  operation.  Thus,  we  were  sur¬ 
prised  that  five  of  seven  proxies  could  not  perform 
authenticated  SIP-backed  communications. 

See  SIP,  page  56 


SIP  videophones 
fall  short  of  the 
Interop  mark 

Our  testing  of  five  videophone  products 
—  softphones  from  Nortel  and  Xten 
(on  Macintosh  and  Windows  plat¬ 
forms)  and  hard  phones  from  InnoMedia  and 
Leadtek  —  was  not  a  pretty  picture. 

As  with  our  other  SIP  testing,  basic  con¬ 
nectivity  for  voice  calls  between  the  video¬ 
phones  worked  well.  But  we  ran  into  sub¬ 
stantial  problems  when  we  tried  to  use  the 
video  features. 

Of  the  25  cases  we  tested,  only  six  of  them 
gave  acceptable  video  quality  between 
phones,  specifically  only  the  single-vendor 
phone-to-phone  calls.  Going  between  vendor 

See  Videophones,  page  56 


In  search  of  safe  network  access 


■  BY  RODNEY  THAYER,  NETWORK  WORLD  LAB  ALLIANCE 

Access  to  network  resources  has  become  an  easy  problem  to  solve. 
Using  LAN  connections,  wireless  access  points,  remote  VPNs  and 
Internet-enabled  coffee  shops,  users  can  pretty  much  access  a  net¬ 
work  from  almost  anywhere.  Unfortunately,  the  bad  guys  can  do  the 
same  thing. 

The  iLabs  Full  Spectrum  Security  Initiative  investigated  two  basic  ques¬ 
tions  that  apply  here:  How  do  you  allow  users  to  legitimately  gain  access 
to  the  network?  And  how  do  you  make  sure  they  continue  to  practice 
safe  networking  once  they  get  there? 

Simply  stated,  policy-based  network  access  is  implemented  by  enhanc¬ 
ing  the  protocol  stacks  in  the  clients  and  in  the  network  infrastructure  to 
control  when  and  where  users  are  allowed  to  send  packets. 

Products  —  such  as  the  wireless  access  points  from  Extreme  Networks 
Trapeze  Networks,  and  switches  from  HP,  Extreme  and  Foundry  Networks 
—  use  the  802. IX  protocols  to  regulate  wireless  and  LAN  access,  and  802.10 
VLAN  tagging  to  control  to  which  portions  of  the  network  a  user  has  access. 

Another  group  of  products  —  from  Microsoft,  Cisco  and  TheTrusted 
Computing  Group,  among  others  —  generally  consist  of  a  policy  enforce¬ 
ment  point  (PEP)  that  uses  either  an  in-line  appliance  that  controls  network 
access  or  a  combination  of  802. IX,  RADIUS  and  policy  enforcement  client 
software,  to  validate  a  system  before  it  is  allowed  on  the  network. 

In  the  iLabs  testing,  we  saw  that  systems  from  Check  Point  and  Sygate 
can  check  a  system  for  policy  compliance  before  it  can  access  the  net¬ 
work.  Policy  checks  can  consist  of  simple  authentication  or  check  a  user's 
system  to  make  sure  it  hasn’t  been  infected  or  compromised  by  access¬ 
ing  malicious  software.  These  products  also  can  be  used  to  set  up  fine¬ 
grained  network  control,  allowing  only  legitimate  users  access  to  specific 
portions  of  a  network. 

Once  you  can  (appropriately)  block  access,  you  can  start  to  defend  the 
network  from  viruses,  unpatched  systems  and  policy  violations.  If  a 
machine  is  found  to  have  a  problem  or  is  noncompliant  with  the  defined 
policy,  use  the  network  access  technology  to  take  action  to  remediate  the 


problem.  If  a  machine  simply  requires  an  update,  the  PEP  can  use  802.10 
virtual  LANs  (VLAN)  to  reconnect  the  machine  to  an  isolated  section  of 
the  network  where  it  can  be  patched.  Worm  outbreaks  and  unauthorized 
peer-to-peer  traffic  can  be  controlled  through  the  use  of  policy  enforce¬ 
ment  when  it's  tied  to  a  switch's  management  capabilities. 

802. IX  is  used  to  control  access  at  the  link  layer,  using  encryption, 
RADIUS  authentication,  and  VLAN  switching.  There’s  new  supplicant  and 
authenticator  software  in  the  clients,  the  wireless  access  points  and  the 
Ethernet  switches  to  support  this,  along  with  supporting  infrastructure 
components  within  the  network. 

Making  a  shopping  list 

Policy-based  access  control  products  are  certainly  the  new  toys  in  the 
security  playpen.  Here  are  a  few  things  —  culled  from  this  iLabs  testing 
—  to  consider  if  you’re  looking  to  buy  them: 

•  Make  sure  the  protocol  implementations  are  working.  We  still  see 
problems  with  802. IX  implementations  failing.  We  also  see  glitches  in  ven¬ 
dor  interoperability  when  they  start  doing  sophisticated  things  such  as 
switching  client  machines  among  VLANs. 

•  Don’t  get  caught  buying  a  steel  door  for  a  grass  hut.  Great  network 
access  software  running  on  an  appliance  that  you  manage  with  cleartext 
telnet  using  unauthenticated  certificates  isn't  secure. 

•  Make  sure  the  products  fit  into  your  network  management  infrastruc¬ 
ture.  Does  it  generate  an  event  log  you  can  feed  into  your  central  log 
management  system?  Make  sure  the  product  scales  so  that  you  can 
manage  multiple  PEPs  from  a  single  location. 

•  Be  wary  of  ties  to  vendor  access  control  initiatives  (Cisco  Network 
Admission  Control  ,  TCG's Trusted  Network  Connect,  Microsoft  Network 
Access  Protection  ,  Juniper  Endpoint  Defense  Initiative).  These  alliances 
are  evolving  and  the  notion  of  just  what  “compliance"  is  hasn’t  stabilize. 

Thayer  is  principal  investigator  with  Canola  &  Jones,  a  security 
research  firm  in  Mountain  View,  Calif.  He  can  be  reached  at 
rodney@canola-jones.com. 


EtherScope  and  OptiView  -  Two  Portable  Network 
Analyzers  created  to  help  prove  it's  not  a  network 
problem.  Faster.  Quickly  proving  problems  are  not 
network  problems  is  exactly  what  our  portable 
analyzers  are  allabout.  Unlike  a  protocol  analyzer 
or  laptop  freeware,  they  give  you  the  complete  vision 
you  need  to  quickly  and  accurately  diagnose  problems. 
For  example,  you  can  track  down  connectivity 
problems  and  incorrectly  configured  stations,  identi 
causes  of  network  slowdowns  (like  excessive  broad¬ 
casts)  and  spot  bandwidth  hungry  applications. 

All  with  one  tool:  a  Fluke  Networks'  portable  analyzer. 
Simply  put,  they're  the  best  way  to  prove  it's  not  the 
network's  fault.  And  the  surest  way  to  start  getting  a 
little  more  respect  around  the  office. 


Faster. 
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To  ascertain  whether  leading  enterprise 
firewalls  can  handle  SIP  traffic,  we  set  up  an 
environment  using  the  Asterisk  PBX  and 
four  Cisco  7960  phones.  Each  phone  was 
separated  from  every  other  phone  with  one 
of  our  test  firewalls  from  Cisco,  Check  Point, 
and  Juniper.  We  tested  the  fourth  phone 
behind  a  home  firewall,  a  Linksys  network- 


address  translation  (NAT)  router,  to  simulate 
a  normal  broadband  user  environment. 

We  stacked  the  deck  in  favor  of  the  fire¬ 
walls  by  using  Asterisk,  which  keeps  both 
the  SIP  control  channel  and  RTP  datas- 
tream  running  down  the  same  pipe.  If  we 
hadn’t  used  Asterisk,  we  could  have  had  a 
situation  where  the  SIP  control  channel  was 


going  through  one  set  of  firewalls  while  the 
RTP  datastream  containing  the  actual  voice 
traffic  was  using  a  different  (but  intersect¬ 
ing)  set  of  firewalls.  In  this  configuration,  we 
called  between  each  firewall-protected 
phone  without  problems. 

In  the  case  of  the  NAT-protected  user,  we 
reliably  called  out  from  the  user  through  the 


NAT,  but  could  not  reliably  call  in.  Because 
the  Linksys  router  does  not  advertise  that  it 
is  SIP-aware. 

These  results  show  that  firewall  vendors 
can  cope  with  SIP  traffic  in  this  configura¬ 
tion.  This  is  a  step  in  the  right  direction 
because  our  testing  last  year  with  firewalls 
didn’t  achieve  this  level  of  interoperability 
In  short,  our  testing  suggests  that  enter¬ 
prise  customers  looking  to  implement  fea¬ 
ture  rich,  secure  VoIP  deployments  based 
on  SIP  will  have  to  wait  for  the  products  to 
evolve  to  that  point. 

Snyder  is  a  senior  partner  at  Opus  One  in 
Tucson,  Ariz.,  specializing  in  information 
security  and  messaging  applications.  He  can 
be  reached  at  joel. snyder@opus l.com. 

Videophones 
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devices  —  despite  having  a  complete¬ 
ly  switched  100M  bit/sec  network  — 
was  a  recipe  for  complete  failure,  only 
one-way  video,  or  just  plain  horrible 
video  quality.  For  example,  when  con¬ 
necting  between  the  Xten  and 
Leadtek  videophones,  we  got  a  two- 
way  video  connection  but  the  quality 
of  the  video  at  high  speeds  was  so 
poor  that  we  had  to  reduce  bandwidth 
to  128K  bit/sec  or  less  to  even  see 
semi-continuous  motion.  Videophones 
turned  into  a  Catch-22:  Setting  speed 
up  to  512K  bit/sec,  high  enough  for 
acceptable  video  quality,  locked  up 
and  crashed  phones  or  kept  them 
from  making  connections  at  all. 

Turning  the  speed  down  gave  us  bet¬ 
ter  interoperability,  but  reduced  the 
video  to  something  akin  to  Neil 
Armstrong’s  1969  moon  walk. 

A  closer  analysis  of  the  SIP  proto¬ 
col  messages  flying  between  the 
phones  showed  that  different  vendors 
were  picking  very  different  parame¬ 
ters  for  their  videostreams  —  and 
most  of  these  parameters  were  not 
under  the  control  of  the  end  user 

Cool  SIP  video  gadgets 

But  lack  of  SIP  interoperability  does 
not  preclude  these  phones  from  being 
fun  gadgets  to  have  on  your  desk. 

Here  is  a  list: 

•  Pick  up  your  iSight  or  USB  cam¬ 
era  and  you're  rolling  with  Xten’s 
eyeBeam  softphone.  This  lets  you 
make  calls  to  any  Internet-connected 
SIP  device. 

•  It  looks  like  a  cell  phone,  but  it's 
not;  the  UTStarcom  Wi-Fi  phone  is 
compact  yet  has  a  full  set  of  SIP  fea¬ 
tures. 

•  Although  the  Azatel  Wi-Fi  SIP 
phone  was  running  beta  code,  people 
will  be  crawling  all  over  each  other 
for  the  large,  clear  color  screen. 

•  The  Zultys  4x5  has  one  extremely 
cool  feature:  compatibility  with 
Bluetooth  headsets. 
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Explore  the  Whole  World  of  Communications 
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Because  Total  Connectivity 
Equals  Total  Opportunity. 


When  it  comes  to  building  networks  that  integrate 
rapidly  converging  technologies,  no  other  event 
showcases  the  full  spectrum  of  broadband, 
wireless,  IP  and  the  entire  public/private  network 
infrastructure  better  than  SUPERCOMM. 

From  VoIP  and  VPNs  to  WLANs  and  SANs,  smart 
enterprise  network  architects  can  view  it  all 
here.  Virtually  every  major  player  launches  their 
most  exciting  technologies  at  SUPERCOMM.  So 
you  can  see  everything  you  need  to  design  a 
network  that  delivers  it  all:  Robust  Connectivity. 
Increased  Productivity.  Lower  TCO.  Stronger  ROI. 


Get  To  Chicago. 

Get  To  SUPERCOMM 


You  can  also  network  with  IT  decision-makers 
from  the  world's  largest  corporations,  government 
agencies  and  educational  institutions  at 
EntNet@SUPERCOMM,  a  FREE  two-day  conference. 
Or,  attend  paid  enterprise  programs  including 
pulver.com's  SIP  Summit  and  ECC@SUPERCOMM. 
Everywhere  you  go,  you'll  be  surrounded  with 
solutions.  That's  why  SUPERCOMM  is  your  total 
opportunity  for  success  --  and  a  can't  miss  event. 

Act  now  -  visit  www.supercomm200S.com  today 
to  register  free  and  save  $150. 


Smarter  Edge  I  Convergence  Edge  I  Government  Edge 


,v  .  /I  : 


5,,.  <*»•>• 


‘VSfe/’ 


■  WB* 

.  .  v-  ••  =  ••  . : -iv 

....  .... 


•  ■ 


-  •  >  Y  ;  V-.,.-.;."" 

*  '  -  cj 

•  .'v'W 


.... 

.  r 

-S  -  '  T—- 


V-  -v  :•/ 


Nortel’s  Business  Communications 
Manager  50  is  the  cost-effective, 
reliable  and  feature-rich  converged 
solution  for  the  SMB  market. 


With  up  to  32  VoIP  phones  and  12  IP  trunks, 
Nortel’s  Business  Communications  Manager  50 
(BCM  50)  converged  platform  gives  small 
businesses  all  the  powerful  features  of  larger 
converged  systems  in  an  affordable  and 
feature-rich  solution.  The  BCM  50  is  positioned 
for  SMBs  needing  up  to  30  users  in  stand¬ 
alone  or  networked  configurations.  From 
analog  to  digital  and  unified  messaging  to 
interactive  voice  response,  Nortel’s  BCM  50 
answers  the  call  for  affordable  IP  telephony. 

•  Specifically  designed  for  SMBs 
•Flexible  scalability 

•Simple,  secure  and  reliable 

•  Up  to  32  VoIP  lines  and  1 2  IP  trunks 


NORTEL 


Authorized 

Distributor 


Get  up  to  speed  on  Nortel’s  BCM  50 
with  Westcon’s  May  12th  Web  Track. 

You’ve  come  to  expect  superior  technical  expertise  and  intensive 
sales  support  from  Westcon,  and  our  May  12th  Web  Track  promises 
to  be  one  of  the  best.  Synchronized  with  the  Nortel  BCM  50  launch, 
this  dynamic  training  program  offers  streaming  product  information 
and  the  most  effective  sales  techniques  to  help  you  position  the 
BCM  50  as  a  vital  communications  link  for  the  SMB  market. 

Register  on  our  website  today  and  get  the  Westcon  Advantage. 

©  2005  Westcon  Group  North  America,  Inc.  All  product  names  are  trademarks  of  their  respective  companies. 


networking  together' 


www.westcon.com/nortelwebtrack 
1 -877-779-3342 
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WEB  CONFERENCING 


Interwise  leads  field  of  1 1  vendors  in 
global  test  of  voice/video  over  IP  services 

■  BY  CHRISTINE  PEREY,  NETWORK  WORLD  LAB  ALLIANCE 

Web  conferencing  vendors  are  adding  two  key  features  to  their  baseline 
data  collaboration  platforms:  voice  and  video  over  IP  The  advantages 
of  being  able  to  establish  a  single  session  for  voice,  video  and  data  are 
increased  productivity  reduced  costs  and  the  ability  to  produce  inte¬ 
grated  meeting  archives.  We  tested  11  Web  conferencing  services  from  test  sites  in 
Switzerland,  the  U.K.,  Austria  and  the  U.S.over  the  course  of  three  weeks  to  get  an  “In 
the  Wild”  look  at  the  latest  services. 


There  are  dozens  of  Web  conferencing 
services  to  choose  from  (see  our  Buyer’s 
Guide  at  www.networkworld.com,  Doc- 
Finder:  6930,  for  the  latest  list).  We  fo¬ 
cused  on  hosted  services  that  are  acces¬ 
sible  from  anywhere  on  the  Internet,  and 
that  offer  users  with  a  telephone  and  PC- 
equipped  headset  and  Web  camera  a 
multi-party,  integrated  voice  and/or 
video-over-IP  conference  with  several 
presentation,  screen/file  viewing  and 
data  collaboration  features.  Out  of  20 
companies  invited,  we  tested  1 1:  Centra, 
Convoq,  Elluminate,  Face-to-Face  Meet¬ 
ing,  Genesys,  Interwise,  Linktivity  Macro¬ 
media,  Raindance,  VidiTel  and  WebEx 
Communications. 


Interwise’s  hosted  Enterprise  Connec¬ 
tion  Platform  (ECP),  iMeeting  Version 
5.2,  wins  the  Clear  Choice  Award  for  its 
rich  feature  set,  yet  easy-to-use  Web  con¬ 
ferencing  service.  It  delivered  a  flawless 
performance  every  time  we  initiated  a 
rich  media  meeting  with  people  who 
had  (and  who  hadn’t)  previously  down¬ 
loaded  the  software  and  offered  optimal 
levels  of  management  and  security  for 
enterprise  IT  managers.  Interwise  also 
was  the  only  service  tested  in  which  par¬ 
ticipants  on  the  same  conference  could 
choose  to  use  either  the  built-in,  high- 
quality  VoIP  system  or  a  traditional  pub¬ 
lic  switched  telephone  network  (PSTN) 
connection  to  an  Interwise-managed 


How  We  Did  It 


The  testing  team  consisted  of  11  people  in  four  countries  —  the  U.S., 
U.K.,  Switzerland  and  Austria.  Testers  used  Windows  XP-based  lap¬ 
tops  connected  to  either  corporate  networks  or  broadband  Internet; 
others  used  Macintosh  PowerBooks  although  support  for  Macintosh  or 
Linux  wasn’t  a  criteria  for  inclusion  in  the  study.  Testers  were  provided 
Logitech  Notebook  Pro  Webcams  and  Logitech  Internet  Chat  Headsets, 
graciously  loaned  by  Logitech  Europe.  Each  service  provided  test  member 
accounts,  and  test  team  members  installed  the  client  application  or  plug-ins 
on  their  clients. 

After  introductory  briefings  with  service  providers,  test  team  members 
conducted  hands-on  tests  on  all  components  of  personal  multimedia  confer¬ 
encing  and  collaboration  services  in  sub-teams  of  four  participants.  The 
four-member  teams  simulated  the  preparation  of  project  documents  and 
presentations  over  the  Internet  and  their  corporate  networks. 

Each  service  was  evaluated  for  support  of  interactive  voice  communica¬ 
tions  (not  quality  but  connectivity,  point-to-point  and  multipoint),  video  com¬ 
munications  (bidirectional  not  required  but  recommended),  document  view¬ 
ing,  document  sharing  (modification  by  user  and/or  host)  and  text  chat. 

When  not  in  sessions,  the  evaluation  team  compared  features  that  assist 
community  members  to  communicate  availability  (state,  presence),  create 
and  send  multimedia  messages,  or  schedule  and  initiate  live  sessions  on  a 
reservation  and  ad  hoc  basis. 

Testing  was  conducted  from  March  9  to  March  30,  2005. 


bridge.  Using  Interwise’s  softswitch  (soft¬ 
ware  bridge),  the  PSTN  and  VoIP  partici¬ 
pant  voice  qualities  are  indistinguish¬ 
able  and  seamlessly  mixed  for  any  size 
meeting.  Regardless  how  you  choose  to 
transmit  voice,  ECP  Connect  offers  re¬ 
sponsive  desktop-,  application-  and  file¬ 
sharing  (or  showing)  for  people  on  net¬ 
works  with  different  bandwidths,  well- 
integrated  whiteboard  tools,  co-browsing 
and  simple  polling.  While  the  video  over 
IP  needs  some  work,  it  was  another  flexi¬ 
ble  feature  in  ECP-based  meetings. 

We  were  very  impressed  by  the  quality 
of  several  other  services.  Linktivity  Rain- 
dance  and  WebEx  were  excellent  and 
are  expected  to  implement  improve¬ 
ments  in  the  months  to  come. 

All  services  we  tested  offer  a  live  and 
responsive  “shared  space,”  where  small 
group  collaboration  can  occur  (as  op¬ 
posed  to  a  one-to-many  event),  and  all 
services  support  at  least  one  real-time 
video  window.  Eight  of  the  1 1  tested  cur¬ 
rently  offer  VoIP  as  an  integral  part  of  the 
conference  (Raindance,  Genesys  and 
WebEx  did  not  offer  VoIP  as  an  option  at 
the  time  of  testing.  Seven  of  the  1 1  also 
offer  meeting  recording  (Face-to-Face 
Meeting,  Convoq,  Raindance  and  VidiTel 
do  not  currently  archive  meetings). 

Getting  up  and  running 

To  deliver  the  promise  of  higher  em¬ 
ployee  productivity,  rich  media  confer¬ 
encing  needs  to  save  time  when  com¬ 
pared  with  normal  ways  of  conducting 
business.  Although  only  10%  of  the  final 
score  focused  on  setup,  foolproof  installa¬ 
tions  and  usage  in  several  environments 
(differing  networks,  operating  system, 
hardware  and  software  settings)  is  impor¬ 
tant  for  user  acceptance  and  the  financial 
viability  of  a  service  provider. 

Seven  services  tested  required  Java 


Online  Buyer’s  Guide 

See  our  Buyer's  Guide  at 
www.networkworld.com, 
DocFinder:  6930 


and/or  ActiveX  for  host  application  in¬ 
stallation,  usage  or  both.  We  found  that 
certain  browser  settings,  such  as  any¬ 
thing  that  blocks  ActiveX  or  cookies,  can 
interfere  with  installation.  By  extension, 
we  found  that  Centra  only  uses  Micro¬ 
soft’s  implementation  of  the  Java  Virtual 
Machine  (not  the  Sun  version).  We 
believe  reliance  on  Microsoft-specific 
extensions  caused  an  issue  with 
Elluminate  and  Centra  when  we  tried  to 
enter  a  meeting  with  non-Windows 
browsers.  Administrator  rights  might  be 
needed  to  make  changes  to  client  com¬ 
puters  before  installation  goes  smoothly 
Another  little  secret  we  found  during  in¬ 
stalls  was  that  the  services  that  use 
ActiveX  and  Java  within  browsers  can 
heavily  use  temporary  Internet  files.  If 
the  application  doesn’t  automatically 
manage  the  temporary  file  cache,  users 
can  hit  a  memory  ceiling  and  encounter 
difficulties  during  installation  or  usage. 

Users  don’t  always  have  rich  media  in¬ 
put  devices  (headsets  and  Web  cam¬ 
eras)  plugged  into  their  PCs  when  they 
click  on  a  meeting  link.The  result  can  be 
a  lack  of  video  or  audio  when  entering  a 
meeting  with  a  platform  that  loads  the 
media  only  at  the  start  of  one.  Although 
we  found  a  drawback  with  how  it  deals 
with  video.  Interwise’s  iMeeting  was  very 
adept  at  detecting  and  adapting  quickly 
on  the  user’s  behalf  to  changes  in  media 
inputs  and  network  connectivity.  (We  dis- 
See  Web  conferencing,  page  60 


Slow  Systems? 

BREAKTHROUGH  TECHNOLOGY  KEEPS  THEM  RUNNING  AT  TOP  SPEED 


One  of  the  most  common 
questions  that  comes  up  when 
talking  about  Diskeeper*  is  "Why  pay 
for  a  defragmenter  when  Windows 
has  one  for  free?" 

To  answer  this  question,  let's 
compare  defragmentation  to 
housecleaning.  Everyone's  house 
gets  dirty,  and  there  are  basically 
three  ways  to  handle  it: 

1«Do  nothing.  The  house  gets 
dirtier  and  dirtier,  stuff  starts  to 
pile  up, the  smell  gets  worse  and 
neighbors  start  calling  the 
health  department.  Eventually 
the  house  gets  so  dirty  that  it's 
uninhabitable,  so  you  move  out 
and  find  another  place  to  live. 
(This  scenario  is  similar  to  never 
defragmenting.) 


Clean  it  yourself.  This  usually 
requires  carving  at  least  an  hour 
or  so  per  day  out  of  your  free 
time.  (This  scenario  is  like 
defragmenting  your  systems 
with  a  manual  defragmenter.) 


3*  Hire  a  housecleaning  service 
to  come  in  and  clean  on  a 
regular  basis.  (Automatic 
defragmentation.) 


Do  it  yourself? 

#2  seems  like  a  reasonable 
solution.  After  all,  plenty  of  people 
clean  their  own  houses,  right?  In 
theory,  yes.  In  reality,  things  come 
up — weekend  plans,  long  work 
hours, etc. You  might  only  have  a  few 
minutes  to  straighten  up,  or  you 
might  skip  a  couple  of  day's  worth  of 
cleaning  altogether.  End  result:  the 
house  is  rarely  as  clean  as  it  could  be, 
and  when  you  do  clean,  it  takes 
much  longer  than  it  should. 
Likewise,  the  process  of  manual 


defragmentation  takes  so  long  and 
involves  so  much  IT  staff  time  that  it 
rarely  gets  done. 

The  most  effective  way  to  keep 
your  house  clean  is  to  have  it  done 
automatically, on  a  regular  basis.  And 
the  most  effective  way  to  keep  your 
systems  running  at  top  speed  with 
maximum  reliability  is  to  have  them 
defragmented  automatically. 

Find  the  right  solution 

Let's  say  you  hire  a  cleaning 
service  to  come  to  your  house  once 
a  week  and  scrub  the  daylights  out 
of  it.  They  vacuum  carpets,  clean 
windows,  polish  furniture,  organize 
the  attic,  etc.,  etc.  It  takes  them  all 
day  and  well  into  the  evening.  And 
while  you  like  having  a  clean  house, 
it's  annoying  to  have  to  wait  to  eat 
dinner  because  someone  is 
polishing  the  chrome  on  your 
oven  door.  Or  to  have  to  park 
on  the  street  because  someone 
was  midway  through  straightening 
up  the  garage  just  as  you  got 
home  from  work.  The  same  is 
true  of  defragmentation.  A 
defragmentation  run  that  kicks  off  at 
the  wrong  time  can  turn  into  a  major 
headache  and  seriously  disrupt  your 
organization's  workflow. 

Automation  with  convenience 

The  perfect  cleaning  service  is 
one  that  works  around  you.  You  can 
tell  them  when  you  want  them  to 
clean,  or  they  can  decide  how  often 
to  clean  based  on  how  quickly  your 
house  gets  dirty.  They  take  care  of 
the  big  stuff  first — counters,  floors, 
bathroom — so  that  you  have  a  clean 
house  as  quickly  as  possible.  Minor 


Keep  your  systems  running  fast  —  automatically. 


chores,  like  polishing  the  chrome  in 
the  kitchen  or  cleaning  the  garage, 
are  done  at  times  when  they  won't 
inconvenience  you.  And  if  they  do 
happen  to  be  cleaning  a  room  you 
need  to  use,  they  get  out  of  your  way 
immediately. 

That's  how  Diskeeper  9, 
The  Number  One  Automatic 
Defragmenter™,  works. 

Diskeeper  9: 

The  Number  One  Automatic  Defragmenter 

Diskeeper  is  a  software  system 
that  completely  eliminates  the 
problems  caused  by  fragmentation. 
Diskeeper  9  uses  unique  adaptive 
technology  that  works  around  your 
organization's  workflow.  You  can 
implement  Diskeeper  9  on  every 


server  and  workstation  right  from 
your  own  desktop.  Once  Diskeeper 
is  deployed,  the  problem  of 
fragmentation  simply  goes  away. 
Operation  of  Diskeeper  9  is  almost 
completely  transparent,  which  is 
why  we  call  it  the  "Set  It  and  Forget 
It"*  defragmenter! 

See  the  difference  for  yourself. 
Download  the  FREE  30-day  trial 
edition  of  Diskeeper  9  now! 

TRY  DISKEEPER  FREE 
FOR  30  DAYS 

www.diskeeper.com/nww9 

For  volume  license  pricing  and 
government  or  educational  discounts,  call 
800-829-6468  phone  code  4318 


Diskeeper 

The  Number  One  Automatic  Defragmenter 


Sponsored  by: 


©2005  Executive  Software  International.  All  Rights  Reserved.  Diskeeper.  The  Number  One  Automatic  Defragmenter,  Set  It  and  Forget  It,  Executive  Software  and  the  Executive  Software  logo  are 
registered  trademarks  or  trademarks  of  Executive  Software  International,  Inc.  in  the  United  States  and/or  other  countries.  Microsoft  and  Windows  are  either  registered  trademarks  or  trademarks  owned 
by  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  Executive  Software  International,  Inc.  ♦  7590  N.  Glenoaks  Blvd.  Burbank,  CA  91504  •  800-829-6468  •  www.executive.com 
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Web  conferencing 

continued  from  page  58 

covered  that  if  a  user  is  disconnected  dur¬ 
ing  an  iMeeting,  the  application  auto¬ 
matically  tries  to  renegotiate  with  the  same 
or  a  different  server  on  the  peered  network 
grid  on  behalf  of  the  user.) 

Setup  went  extremely  smoothly  with 
Linktivity,  Raindance  and  VidiTel,  and  we 
also  got  great  speed  and  ease  of  use  from 
services  that  use  Flash  (Convoq  ASAP  and 
Macromedia  Breeze).  Our  testing  team 
members  connected  to  the  hosted  servers 
with  anything  from  128K  to  1.5M  bit/sec 
(the  majority  of  the  testers  were  on  1.5M 
bit/sec  or  higher).  Based  on  regional  dif¬ 


ferences  (Europe  vs.  the  U.S.)  and  possible 
connectivity  bottlenecks  between  conti¬ 
nents,  we  felt  the  hosting  service  providers’ 
ISPs  (rather  than  the  services  themselves) 
differed  significantly  in  how  well  they 
served  our  needs.  Although  several  test 
team  members  completed  it  on  the  first 
attempt,  the  longest  set-up  time  required 
8.5  minutes  with  Face-to-Face  Meeting.  We 
also  found  it  irritating  that  WebEx  required 
a  partial  re-install  of  the  application  each 
time  a  user  or  host  enters  a  meeting. 

Special  features 

Offering  optional  features  (such  as  Power¬ 
Point  conversion  and  scheduling  capabili¬ 
ties)  in  the  form  of  plug-ins  that  can  be 
installed  separately  as  user  needs  evolve 


was  a  good  strategy,  exemplified  by  Inter¬ 
wise,  Linktivity  Convoq  and  Macromedia. 
We  also  feel  that  user  account  naming  con¬ 
ventions  should  be  intuitive  to  users  such  as 
using  family  names  or  e-mail  addresses.  We 
dislike  the  legacy  (PSTN-centric  audiocon¬ 
ferencing)  feeling  of  numeric  codes 
Genesys  and  Raindance  use  for  identifying 
user  accounts.  In  both  cases,  the  user  is 
issued  a  seven-  to  10-digit  meeting  code 
(the  same  number,  the  user  ID  and  meeting 
code,  is  stamped  on  a  plastic  card  mailed  to 
the  user)  and  a  four-digit  PIN. 

Getting  people  into  a  meeting  at  the 
appropriate  time  is  critical  to  the  success  of 
a  rich  media  conference.  Services  that  sup¬ 
port  meeting  scheduling  (all  those  tested 
integrated  scheduling  through  a  portal  or  in 


conjunction  with  Outlook,  with  the  excep¬ 
tion  of  VidiTel  and  Face-to-Face  Meeting) 
must  always  keep  track  of  participant  time 
zones.  When  populating  an  invitation  for  a 
meeting  to  be  scheduled  in  the  future,  the 
service  should  ask  what  time  zone  the  invi¬ 
tee  is  in.  In  some  services  this  can  be  set 
once  and  saved  on  the  server.  In  others,  the 
invitation  list  is  generated  based  on  e-mail 
addresses,  and  there  are  neither  time  zones 
registered  nor  conversions  offered.  We  also 
discovered  that  daylight-saving  changes 
one  week  earlier  in  Europe  than  in  North 
America,  which  Interwise  handled  grace¬ 
fully  but  confused  Genesys  (we  didn’t  test 
all  the  services  on  that  week  to  see  if  others 
had  correctly  programmed  their  time 
See  Web  conferencing,  page  62 
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ASAP  Pro  2.0 

Company:  Interwise, 
www.interwise.com  Cost:  $125 
peruser,  per  year  for  unlimited 
audio,  video,  Web/data.  Pros: 
High  availability,  highly 
integrated,  converged  VoIP  and 
PSTN  service.  Cons:  No  public 
IM  integration;  no  support  for 
recurring  meetings. 
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Company:  Raindance 
Communications,  www. 
raindance.com  Cost:  $275  per 
month  for  five-user  pack;  $400 
per  month  for  10-user  pack;  add 
20  cents  per  minute,  per  port  for  I 
integrated  audioconference  for  | 
five-user  meeting;  add  18  cents 
per  minute,  per  port  for  10-user  | 
audioconference  integration;  add 
50  cents  per  minute,  per  partici¬ 
pant  for  additional  participants. 
Pros:  Very  high  availability  and 
reliability;  high  quality  video;  well 
integrated  PSTN  audio.  Cons: 
Meeting  ID  and  PIN  system  not 
easy  to  remember,  no  record  and 
playback. 


Company:  WebEx  Communi¬ 
cations,  www.webex.com  Cost: 
$100  per  port  per  month;  pay- 
as-you  go  for  33  cents  per 
minute,  per  user,  with  20  cents 
per  minute,  per  port  for  audio¬ 
conferencing.  Pros:  Complete 
system  integrated  into  Office 
and  Microsoft  services  (in¬ 
cluding  MSN);  highly  respon¬ 
sive;  easy  to  learn  and  use; 
excellent  multilingual  support. 
Cons:  No  VoIP  integration  on 
single  meetings  (but  can 
broadcast  aWindows  Media  file 
live  to  Web-based  audiences); 
presenter  interface  is  different 
from  participant  interfaces. 


Company:  Linktivity,  a  division 
of  InterTel,  www.linktivity.com 
Cost:  $300  per  month  for  five 
concurrent  users;  $450  per 
month  for  10  concurrent  users. 
Pros:  Complete  Office  and 
browser  integration  for 
scheduling  and  ad  hoc 
meetings;  color  depth  can  be 
changed  during  presentation; 
multilingual  support.  Cons: 
VoIP  and  PSTN  not  integrated. 


Company:  Convoq, 
www.convoq.com  Cost:  $249 
per  year  on  named  user  basis; 
additional  participants  over  the 
maximum  (15  for  the  Pro 
service)  are  billed  at  15  cents 
per  minute,  per  user.  Pros: 
Getting  into  the  meeting  very 
easy  and  flexible;  excellent 
support  for  media  sharing  and 
collab-oration;  ubiquitous  use 
of  Flash.  Cons:  No  support  for 
voice-activated  switching;  only 
one  video  window;  no  post¬ 
meeting  archives  (recording 
tools  or  meeting  reports). 


Eliuminate 
Live!  Team 
Edition 
v6.0 


Company:  Eliuminate, 
www.elluminate.com 
Cost:Three-seatTeam 
Edition  one-year  sub¬ 
scription  $2,400;  five-seat 
Team  Edition  one-year 
subscription  $3,750;  10- 
seatTeam  Edition  one- 
year  subscription  $7,000. 
Pros:  Equal  application 
sharing  support  across 
Windows,  Macintosh  and 
Linux;  recording  and  play¬ 
back  well  supported. 
Cons:  New  user  down¬ 
load  too  complex;  push- 
to-talk  is  awkward;  pops 
and  gaps  in  audio. 


Face-to-Face 


Centra  7 


Company:  Centra,  www. 
centra.com  Cost:  $92  per 
month,  per  concurrent 
seat  with  annual  contract; 
other  pricing  options 
available  (pay  as  you  go, 
unlimited  use  and  per¬ 
petual-use  licenses). 
Pros:  Good  scheduling/ 
invite  integration  with 
Outlook,  e-mail  and  IM; 
highly  developed  record¬ 
ing  features;  complete  tool 
palette  includes  excellent 
crowd  management 
system.  Cons:  No  public 
IM  integration;  no  support 
for  recurring  meetings. 


VidiTel 


Company:  Santa  Cruz 
Networks,  www.viditel. 
com  Cost:  $29.99  per 
month,  per  user.  Pros: 
High  quality  video  and  full 
duplex  audio;  highly 
integrated  presence  and 
IM-enabled  directory  to 
see  others  with  VidiTel 
accounts.  Cons:  No 
meeting  reservation  or 
coordination  system. 


Breeze 


Company:  Macromedia, 
www.macromedia.com 
Cost:  $375  per  month  for 
five-user  starter  pack; 
$750  per  month  for  10- 
user  pack;  pay-as-you-go 
option  for  32  cents  per 
minute,  per  user.  Pros: 
Extremely  complete  set 
of  templates  for  collab¬ 
oration;  ubiquitous  use 
of  Flash.  Cons:  VoIP 
quality  sub-optimal  for 
business  meetings. 


OVERALL  RATING 


Services 


Company:  Face-to-Face 
Meeting,  www. 
facetofacemeeting.com 
Cost:  $99  per  month,  per 
user  for  up  to  24  users; 
$89.99  per  month,  per 
user  for  25  to  99  users; 
12-month  contract 
required.  Pros:  Strong 
encryption  on  audio, 
video  and  data;  ability  to 
put  point-to-point  call  on 
hold  and  take  another 
call.  Cons:  Requires  full 
stand-alone  application 
download;  weak  meeting 
setup  and  reservation/ 
invitation  system. 


OVERALL  RATING 


Company:  Genesys 
Conferencing,  www. 
genesys.com  Cost:  32 
cents  per  minute,  per  port,  | 
includes  audio,  video  and 
Web.  Pros:  Global  ser¬ 
vice;  high  availability; 
recording/playback  of 
meetings  fully  supported; 
easy  to  invite  users  and 
strong  Outlook  integra¬ 
tion.  Cons:  Audience 
interface  doesn’t  permit  to  | 
see  many  of  the  features, 
making  collaboration 
difficult;  screen  sharing 
and  PowerPoint  sharing 
require  multi-step  setup. 


The  breakdown 

Interwise 

Raindance 

WebEx 

Linktivity 

Convoq 

Eliuminate 

Centra 

VidiTel 

Macromedia 

Face-to-Face 

Genets 

Features/functionality  50% 

4.5 

4 

4 

4.5 

4 

4 

4 

4 

4 

3 

3.5 

Security/control  25% 

5 

5 

5 

5 

5 

5 

4 

4 

3 

5 

3 

Administration/management  15% 

5 

5 

5 

3 

4 

4 

5 

4 

4 

3 

4 

Setup/installation  10% 

5 

5 

5 

5 

5 

3 

3 

5 

5 

3 

4 

TOTAL  SCORE 

4.8 

4.5 

4.5 

4.5 

4.4 

4.2 

4.1 

4.1 

3.9 

3.5 

3.5 

1 _ 

v,  Scoring  Key;  5:  Exceptional;  4:  Very  good;  3:  Average;  2:  Below  average;  1:  Consistently  subpar 


One  company. 

One  appliance. 

One  step  closer  to  easier  messaging 


nearly  TO  years,  Mira  point  appliances  have  been  the  backbone  for  more  than  60  million 
i (boxes  for  customers  like  Ford,  STMicroelectronics,  RSA  Security,  British  Telecom,  China 
ecom,  University  of  Georgia  and  Cal  Poly. 


th  powerful  spam  and  virus  edge-blocking  technology,  ultra-reliable  email,  advanced 
ssaging  &  mobility  feature  ,  plus  feature-rich  collaboration  including  group  calendaring 
i  shared  folders,  we  deliver  the  complete  messaging  lifecycle.  We  know  messaging  is 
nplex,  and  Mirapoint  is  helping  to  ease  the  strain  on  IT  by  delivering  modular,  standards- 
.ed  appliances  for  email  and  security. 


ether  you  need 
apoint  delivers. 


messaging  solution  or  better  security  protection 


Clear  Choice  Test 
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Why  go  with  a  hosted  service? 


Businesses  can  purchase  Web  conferencing  in  three  different  options:  They 
can  deploy  it  as  an  in-house  application  on  the  corporate  network;  a  dedi¬ 
cated  server  can  be  set  up  and  configured  for  a  corporation  on  a  hosting 
service’s  server;  or  the  company  can  purchase  seats  or  accounts  on  a  third-party 
hosted  application  server  shared  with  numerous  other  account  holders.  For  com¬ 
panies  with  a  high  Web  conferencing  usage,  especially  among  employees  of  the 
same  company,  purchasing  and  operating  a  server  internally  is  frequently  the 
most  cost-effective  scenario.  Controlling  secure  access  to  the  server  behind  a 
firewall  for  users  on  the  public  Internet  can  be  challenging  to  set  up  and  manage. 

The  fully  hosted  “open”  yet  secure  services  tested  for  this  story  offload  all  man¬ 
agement  and  maintenance  for  a  fixed  monthly  cost  and  are  optimal  when  partici¬ 
pants  are  widely  distributed,  all  connected  by  way  of  the  Internet  and  don’t  share  a 
common  IT  infrastructure.  Small  and  midsize  businesses  find  this  purchasing 
option  most  attractive.  We  also  believe  that  application  service  providers  can  add 
features  incrementally  to  their  customers  more  quickly  than  they  release  them  for 
their  customer  premises  equipment  customers.  As  the  Web  conferencing  service 
providers  reach  a  common  baseline  platform,  including  VoIP  and  support  for  video, 
and  they  begin  to  pay  off  their  infrastructure  investments,  they  increasingly  will 
compete  for  customer  business  on  the  basis  of  price,  making  this  option  more 
financially  attractive  for  any  size  customer. 

—Christine  Perey 
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zones).  Elluminate  Live  requires  that  users 
convert  from  their  time  to  Mountain  Time. 
Integration  with  Exchange  and  Outlook 
and/or  Lotus  Notes  simplifies  this  task,  and 
in  a  corporation  will  offer  a  way  to  check 
participant  availabilities  and  resolve  phone 
numbers  and  e-mail  addresses. 

Most  of  the  Web-based  (service  portal) 
meeting  scheduling  was  simple  to  use,  but 
in  a  few  cases  the  numerous  options 
made  for  an  excessively  long  process;  for 
example,  the  WebEx  full-feature  schedul¬ 
ing  wizard  has  at  least  nine  steps.  Genesys’ 
scheduling  was  equally  long.  Convoq 
ASAP  doesn’t  offer  a  way  to  take  advan¬ 
tage  of  a  user’s  local  Notes  or  Outlook  cal¬ 
endaring  features,  but  it  is  the  only  service 
to  go  the  extra  mile  in  the  other  direction. 
ASAP  tracks  an  attendee’s  presence  (away 
available,  busy  offline)  by  monitoring  and 
integrating  his  public  instant-messaging 
service  buddy  lists  and  the  enterprise 
IM/presence  management  systems  in  its 
main  user  interface,  which  resides  in  the 
Windows  system  tray  when  not  in  use. 

We  lived  through  the  pain  customers  ex¬ 
perience  when  they  must  rely  solely  on 
audioconference  bridges  for  the  voice  por¬ 
tion  of  their  meetings.  For  example,  getting 
testers  in  Switzerland  and  the  U.S.  to  hear 
one  another  on  the  same  conference 
bridge  without  intercontinental  toll 
charges  was  a  significant  challenge  with 
Raindance  and  Genesys.  Both  could  offer 
dial-out  services  (for  which  someone  ulti¬ 
mately  must  foot  the  bill)  but  users  have  to 
correctly  enter  their  number  including 
country  access  codes,  and  toll-free  U.S. 
numbers  can’t  be  dialed  from  international 
locations.  Sometimes  a  “+” symbol,  a  space 
or  a  parenthesis  can  set  you  back  to  the 
process  of  entering  a  phone  number.  In 
one  instance,  after  about  15  minutes  we 
managed  to  begin  our  meeting  but  we 
were  short  a  participant  who  only  could 


attend  for  the  first  short  period  before 
needing  to  attend  another  meeting. 

To  reduce  the  likelihood  of  a  delayed 
meeting  because  of  participant  difficulties 
with  the  meeting  software,  Raindance 
meeting  hosts  can  request  live  telephone 
customer  support  (an  operator  available 
via  the  integrated  audioconference 
bridge)  in  15  seconds  or  less. 

We  found  it  easy  to  start  an  ad  hoc  meet¬ 
ing  from  Outlook  or  a  slim  dashboard  ap¬ 
plication  in  Genesys,  Raindance,  WebEx, 
Linktivity  Macromedia,  Convoq  and  Inter¬ 
wise.  It  also  is  very  easy  to  start  a  confer¬ 
ence  if  you  and  the  other  meeting  partici¬ 
pants  have  the  Face-to-Face  Meeting  and 
VidiTel  applications  running.  Perhaps  re¬ 
flecting  their  heritage  in  the  large  event 
and  educational  worlds,  we  had  to  go 
through  a  portal  (engaging  a  multistep 
process)  to  start  any  type  of  meeting  in 
Centra  and  Elluminate. 

Services  differ  widely  in  their  ability  to 
invite  a  new  (ad  hoc)  participant  into  a 
meeting  once  the  session  has  begun.  We 
like  the  options  Centra,  Convoq,  Rain¬ 
dance,  WebEx,  Face-to-Face  Meeting  and 
VidiTel  offer  to  add  a  participant  from  with¬ 
in  the  application  using  an  integrated  IM 
invitation  and  the  optional  e-mail  invita¬ 
tion.  Genesys  has  a  concept  of  an  “Xpress 
meeting”  from  which  ad  hoc  participants 
easily  can  be  added  by  way  of  IM  (but  this 
feature  is  not  available  in  the  “normal” 
Genesys  meeting).  To  invite  someone 
when  you  are  already  in  a  Macromedia 
Breeze  session,  you  must  generate  a  new 
e-mail  (Breeze  provides  a  pre-configured 
template)  or  manually  paste  the  URL  into 
an  IM.  Because  our  testers  weren’t  required 
to  all  be  on  the  same  public  IM  service,  this 
could  get  to  be  a  lot  of  cutting  and  pasting. 
Unfortunately  you  can’t  use  the  applica¬ 
tion  or  service  to  invite  someone  in  an  ad 
hoc  automated  fashion  when  you  are  in 
an  Elluminate  meeting  (you  still  have  the 
option  of  pasting  the  URL  into  an  IM  or 
e-mail  manually  during  the  meeting). 


Behind  closed  doors 

As  a  matter  of  corporate  policy  or  individ¬ 
ual  project  needs,  companies  often  have 
reservations  about  rich  media  conferencing 
over  the  Internet,  or  using  hosted  services, 
on  the  grounds  of  security  and  privacy 

Service  providers  ensured  a  high  level  of 
security  in  several  ways.  One  way  was  to 
dedicate  a  server  per  enterprise  customer, 
firewall  each  server  and  establish  a  VPN 
connection  with  the  corporation.  This 
method  reproduces  a  premises-based  sys¬ 
tem,  and  the  service  can  manage  only  the 
server  and  features.  Because  our  16-mem¬ 
ber  testing  team  was  distributed  across  14 
Internet  domains  in  the  U.S.  and  Europe, 
we  chose  not  to  test  this  network  configu¬ 
ration,  and  only  tested  services  that  are 
accessible  on  the  public  Internet. 

We  scored  the  services  based  on  a  com¬ 
parison  of  the  precautions  offered  by  the 
services  such  as  randomly  generated 
meeting  codes  and  passwords,  the  ability 
to  lock  meetings  and  require  registration 
for  entry  We  didn’t  try  to  hack  into  meet¬ 
ings  uninvited,  break  user  password  codes, 
eavesdrop  on  the  encrypted  media  or  take 
other  steps  to  test  the  security  in  our  real- 
world  meetings. 

All  the  services  tested  use  proprietary  sig¬ 
naling  mechanisms  to  permit  media  to 
cross  firewalls  and  to  resolve  calls  between 
network  address  translation  users  (all  test 
team  members  used  private  IP  addresses). 
All  the  services  tested  also  use  SSL  to  en¬ 
crypt  session  signaling  and  content. 

Servers  for  Centra,  Interwise,  Linktivity 
Macromedia  and  WebEx  generated  a 
unique  meeting  ID  for  each  meeting. 
Others,  including  Convoq,  Elluminate,  Link¬ 
tivity,  WebEx  and  Genesys,  give  the  meeting 
host  the  option  to  require  those  invited  to 
reply  by  e-mail  to  register  for  the  session. 
We  found  that  virtually  all  the  services  can 
set  a  meeting  password  for  participant  use 
upon  entry  with  the  exception  of  Face-to- 


Face  Meeting  and  VidiTel,  which  use  a  call- 
me  method  for  initiating  meetings. 

Genesys  and  Raindance  have  a  waiting 
room  where  all  meeting  participants  wait 
for  the  host  to  approve  them  before  they 
attend  the  live  meeting.  Otherwise,  we  didn’t 
find  the  level  of  security  built  into  these  two 
services  very  well  adapted  to  the  Internet, 
reflecting  the  heritage  in  traditional  tele¬ 
phony  Eight  of  the  11  services  (including 
Genesys  and  Raindance)  also  let  the  host 
press  one  button  to  lock  a  meeting  room, 
preventing  new  participants  from  entering 
until  a  meeting  is  unlocked. 

Beyond  SSL,  Face-to-Face  Meeting,  Inter¬ 
wise,  Linktivity  Raindance  and  VidiTel  add 
128-bit  encryption  support.  Others  also 
might  have  additional  encryption  options 
but  the  ordinary  user  (whom  the  testers  in 
this  study  represent)  couldn’t  detect  or 
make  modifications  to  security  settings 
from  the  portals  or  applications. 

As  mentioned  earlier,  seven  of  the  1 1  ser¬ 
vices  tested  permit  hosts  to  record  the 
meeting.  Because  of  this,  it’s  possible  that 
meeting  contents  can  be  leaked  (or 
shared)  after  a  meeting.  We  feel  the  ability 
to  archive  a  meeting  holds  a  great  deal  of 
promise  for  information  worker  productiv¬ 
ity.  And  provided  the  assets  are  managed 
securely  on  a  service’s  network,  we  don’t 
believe  this  presents  a  significant  threat  or 
corporate  security  or  privacy  In  fact,  meet¬ 
ing-recording  features  might  help  compa¬ 
nies  comply  with  federal  or  industry-spe¬ 
cific  regulations  regarding  fair  disclosure 
and  provide  the  basis  for  e-learning. 

Different  ways  to  get  work  done 

Once  deployment,  security  and  learning 
curves  are  addressed,  employees  should 
use  technology  to  focus  on  business  needs. 
Web  conferencing  services  we  tested  fell 
into  one  of  two  camps  (with  the  exception 
of  Interwise  and  Linktivity  which  seem  to 
598  Web  conferencing,  page  64 


Interwise's  Meeting  impressed  us  with  its  video  and  voice  over  IP  functionality,  as  well  as  Web 
conferencing  collaboration  features. 
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Who  played,  who  didnt 

The  Web  conferencing  industry  is  crowded.  More  than  40  companies  offer 
services  for  business  users.  We  expect  that  there  will  continue  to  be  consoli¬ 
dation  in  the  industry  in  coming  months  and  years. 

To  focus  on  the  features  we  believe  are  most  valuable  for  collaborative  teams, 
we  stipulated  strict  criteria  for  inclusion  (we  required  that  the  service  must  have 
at  least  one  real-time  media,  voice  or  video  over  IP,  integrated  with  the  full  Web 
conferencing  application).  We  extended  invitations  to  20  vendors:  Centra,  Cisco, 
Citrix,  Convoq,  Elluminate,  Face-to-Face  Meeting,  Genesys,  IBM,  Interwise, 
Linktivity,  Macromedia,  Microsoft,  NetSpoke,  Pixon,  Raindance,  Viack,  Santa  Cruz 
Networks,  Wave  3  Software,  WebEx  Communications  and  WiredRed.  Fourteen 
companies  responded  favorably  to  the  initial  invitation,  and  the  11  finalists  (see 
main  story)  met  our  criteria  for  the  tests. 

Cisco  and  IBM  said  while  their  service  platforms  met  the  original  criteria,  their 
business  model  is  to  host  a  dedicated  server  on  behalf  of  a  corporate  customer. 
Microsoft  Live  Meeting  declined  because  it  said  that  its  target  customers  are 
customers  with  very  large  events,  although  the  company  expects  to  release  com¬ 
panion  services  for  collaborative  teams  in  the  near  future. 

Wave  3  Software's  service  was  unavailable  because  of  technical  difficulties,  pre¬ 
venting  test  team  member  access  during  the  testing  period,  and  therefore  was  not 
studied.  Citrix  didn't  complete  the  testing  because  the  service  doesn't  have  real¬ 
time  media  fully  integrated  into  the  platform  as  we  had  originally  understood. 
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have  negotiated  a  compromise).  First,  ser¬ 
vices  such  as  WebEx  and  Centra,  which 
grew  in  response  to  the  needs  of  one  pre¬ 
senter  communicating  to  many  in  which 
people  produce  large  virtual  events  (also 
known  as  Webinars)  and  expose  partici¬ 
pants  to  the  same  information  at  the  same 
time.  At  the  very  minimum,  this  technology 
usage  scenario  requires  robust  invitation 
and  entry  management  systems, support  for 
polls  and  surveys,  and  a  scalable  network 
for  a  large  number  of  participants  to  see  the 
same  information.  The  audience  members 
need  an  extremely  simple  interface  while 
the  meeting  host  interface  must  provide 
crowd  management  functions  such  as 
hand-raising  and  queuing  of  questions. The 
seminar  or  event  usage  model  also  benefits 
from  having  a  meeting  archive  and  replay 
system  for  participants  who  can’t  attend  a 
meeting  or  want  to  review  an  archive.These 
same  platforms  subsequently  are  adapted 
to  serve  smaller  groups  engaged  in  more 
collaborative  activities. 

Other  platforms  were  designed  from  the 
ground  up  to  bring  people  together  in  a 
peer-to-peer  setting  to  collaborate  toward  a 
shared  goal.  In  addition  to  the  central 
actors  in  the  collaboration,  passive  partici¬ 
pants  are  allowed  to  observe.This  scenario 
was  adopted  for  our  usability  tests. Team 
members  reviewed  and  made  edits  to  files 
together,  and  saved  the  changes. 

Despite  only  a  few  minor  weaknesses,  the 
services  tested  were  highly  functional  in 
terms  of  supporting  on-screen  collabora¬ 
tion.  Holding  a  telephone  in  one  hand 
while  typing  a  short  text  message  or  making 
a  change  on  a  document  is  impractical  in 
the  minds  of  all  testers.  If  planning  to  use 
the  PSTN  for  voice  while  doing  collabora¬ 
tive  meetings,  IT  should  provide  appropriate 
headsets.  We  liked  that  most  services  sup¬ 
port  emoticons,  which  appear  next  to 
names  to  indicate  agreement  or  other  emo¬ 
tion,  but  do  not  interrupt  discussion. 

One  drawback  of  the  event-centric  ser¬ 
vices  is  that  some  crowd-management  fea¬ 
tures  are  still  in  evidence,  although  not 
very  useful  in  a  more  collaborative  sce¬ 
nario.  For  example,  when  collaborating, 
peers  expect  to  be  able  to  interact  as  they 
do  on  a  telephone  conference  call.  When 
using  VoIP  with  Centra  eMeeting,  the  user 
must  push  a  button  to  talk.  Convoq’s  mod¬ 
erator-controlled  multi-party  meeting  fea¬ 
ture  also  was  challenging  to  learn  and 
needs  enhancements  before  it  can  com¬ 
pete  with  other  multi-party  VoIP  services. 
We  liked  that  nine  of  the  1 1  services  let  the 
host  see  (by  way  of  icons  or  colors  next  to 
participant  names)  who  is  speaking,  and 
moderate  (give  and  retrieve  the  podium 
and  presenter  rights). Face-to-Face  Meeting 
and  Convoq  didn’t  have  the  speaker  iden¬ 
tification  feature. 

White  boards  during  collaboration  allow 
for  on-screen  annotation,  usually  individ¬ 
ual  remarks  added  to  a  white  surface  or 
over  a  graphic  image.  All  services  tested 
(except  VidiTel)  support  whiteboarding, 


but  integration  levels  differed.  In  eight  of 
the  1 1  services,  the  white  board  is  tightly 
integrated,  but  the  Genesys  white  board 
appears  to  be  a  completely  separate  appli¬ 
cation  that  is  launched  when  a  white 
board  is  requested  from  a  menu.  Centra 
lets  a  person  adjust  the  refresh  rate  of  the 
screen  manually  during  a  meeting.  When 
the  bandwidth  is  limited,  this  is  a  benefi¬ 
cial  feature  because  a  slower  refresh  rate 
consumes  less  total  bandwidth;  for  broad¬ 
band  users  the  default  setting  is  too  slow, 
interfering  with  collaboration  because  the 
typing  on  the  screen  and  changes  in  files 
appear  well  after  the  host  has  referenced 
the  changes.  We  liked  having  the  ability  to 
see,  either  through  name  or  initials,  the  per¬ 
son  who  makes  the  annotations  (Interwise 
did  this  very  well). 

We  were  pleased  that  a  few  services  went 
beyond  bitmapped  graphics.  Although  it 
required  an  upload  and  conversion  pro¬ 
cess,  Raindance  uses  scalable  vector 
graphics  technology  to  show  all  the 
images  and  text  in  the  shared  space, ensur¬ 
ing  high  resolution  and  independent  win¬ 
dow  sizing  for  all  participants.  Macro¬ 
media  Breeze  and  Convoq  use  Rash  paper 
and  SWF  files  (Macromedia’s  Flash  file  for¬ 
mat)  to  show  any  type  of  media  in  the 
shared  meeting  space. 

All  the  services  we  tested  with  video- 
over-IP  support  also  have  the  option  of  sup¬ 
pressing  the  video  in  one  meeting,  across  a 
group  of  users  or  on  the  basis  of  a  corpo¬ 
rate  policy  But  collaborators  in  a  Web  con¬ 
ference  might  want  to  use  the  expressions 
they  see  on  other  faces  to  interpret  the 
support  (or  lack  thereof)  of  an  idea. 

With  Centra,  Convoq,  Elluminate,  Genesys 
and  Raindance,  participants  can  see  only 
one  video  window  at  a  time,  usually  the 
presenter  or  host.  The  host  can  pass  the 
control  to  another  participant  who  will 
then  be  seen,  or  the  host  can  choose  one 
person  seen  by  all  the  others  without  pro¬ 
viding  that  person  full  control  of  the  meet¬ 
ing.  When  there  are  more  than  two  partici¬ 
pants  and  video  is  supported,  the  remain¬ 
ing  services  support  four  or  more  win¬ 
dows,  and  more  closely  resemble  a  multi¬ 
point  videoconference.  We  didn’t  use  the 
video  quality  as  one  of  the  metrics  for  our 
final  score  because  of  variations  in  our  net¬ 
work  bandwidths  during  testing.  Interwise 
has  an  unusual  implementation  of  personal 
video,  in  which  the  user  must  capture  a 
snapshot  of  himself  before  sharing/send¬ 
ing  out  the  video  to  the  server.  When  the 
person  is  not  speaking,  the  server  reverts  to 
the  still  image.  This  conserves  bandwidth 
but  reduces  the  effectiveness  of  video  to 
detect  non-verbal  reactions. 

We  experienced  the  highest  quality 
video  and  audio  with  the  Face-to-Face 
Meeting  service. The  motion  was  fluid  and 
the  windows  resizable.  The  application 
monitors  bandwidth  used  against  that 
which  is  available  and  performs  dynamic 
rate  adaptation.  We  also  really  liked  the 
way  the  Face-to-Face  Meeting  user  can  put 
a  call  on  hold  to  take  another  incoming 
call. The  application  still  needs  some  work 
as  far  as  the  window  management  and 


user  interface  are  concerned;  currently  an 
unlimited  number  of  windows  can  be 
open  at  the  same  time  and  when  one  ex¬ 
ceeds  two  or  three  it  is  very  confusing  on 
the  screen. 

We  felt  that,  although  it  didn’t  have  syn¬ 
chronized  audio  with  it  and  only  one  par¬ 
ticipant’s  video  can  be  seen  at  a  time,  the 
video  in  Raindance  Meeting  Edition  also 
offered  very  high  quality. 

We  like  the  way  Macromedia  Breeze 
offers  the  user,  the  host  or  both  indepen¬ 
dently  the  ability  to  choose  layouts  from 
pre-configured  templates,  some  of  which 
prioritize  the  video  windows  (and  others 
which  minimize  the  video  windows  and 
emphasize  the  presentation  or  data  view¬ 
ing  parts  of  the  screen). 

Managing  everything 

Users  can  change  individual  account  set¬ 
tings  (name,  phone  number,  meeting  tem¬ 
plates  and  the  like)  through  portals  or  pref¬ 
erence  settings  in  a  runtime  application.  In 
general,  the  services  tested  let  users  gener¬ 
ate  reports,  including  past  conferences, 
participants  in  conferences,  results  of 
polls,  statistics  on  archive  accesses  and 
related  historical  data.  Looking  ahead, 
account  holders  can  use  their  service  por¬ 
tals  to  view  upcoming  meetings  and  create 
new  meetings. 

Integration  with  enterprise  communica¬ 
tions  or  workflow  systems  can  greatly  re¬ 
duce  overhead  associated  with  populating 
online  directories  of  collaborators.  The 
large,  event-ready  platforms  such  as 
WebEx,  Centra,  Elluminate  and  Interwise 
let  you  import  a  list  of  people  who  could 
be  invited  to  an  event  or  conference. 
VidiTel  and  Face-to-Face  Meeting  use 
e-mail  name  convention  to  identify  partic¬ 
ipants,  and  Convoq  relies  on  a  mix  of  IM 
identities  and  e-mail  addresses,  depending 
on  how  a  person  will  be  invited. 

Centra,  WebEx,  Elluminate,  Genesys,  Mac¬ 


romedia  and  Interwise  also  have  adminis¬ 
trator  accounts  that  let  you  set  policies  on 
behalf  of  groups  of  users.  Administrator  ac¬ 
count  holders  can  modify  global  settings 
involving  meeting  archives,  network  band¬ 
width  utilization,  and  telephone  bridging 
services  for  participants  who  cannot  join 
by  VoIPThese  same  services  also  offer  spe¬ 
cial  fields  for  billing  codes,  and  let  you  ex¬ 
port  meeting  reports  in  formats  suitable  for 
accounting. 

Personal  rich  media  conferencing 
through  hosted  services  have  matured  sig¬ 
nificantly  in  the  past  two  years.  Mainstream 
users  haven’t  necessarily  discovered  the 
full  benefits  and  aren’t  clamoring  for  inte¬ 
grated  voice  and  video  yet,  but  we  believe 
that  given  the  option, they  will  quickly  want 
to  use  services  such  as  those  we  tested.  We 
felt  that  having  the  option  of  bringing  users 
together  into  an  integrated  conference 
regardless  of  their  audio  access  technolo¬ 
gies  (a  headset  or  the  built-in  computer 
audio  systems,  or  a  regular  telephone  or 
cell  phone)  is  absolutely  the  mark  all  IT 
managers  should  be  looking  to  provide 
their  users. 

Perey  is  an  independent  technology  con¬ 
sultant  in  Montreux,  Switzerland,  specializ¬ 
ing  in  rich  media  communications  in  enter¬ 
prise  and  consumer  markets.  She  can  be 
reached  at  cperey@perey.com. 
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Teaching  users 
that  change  is 
not  always  bad 


cise  was  valuable  to  Hemker  and  his  team 
as  it  taught  them  what  were  important  to 
dispatchers  when  routing  jobs. 

Eventually  approximately  1,100  employ¬ 
ees  received  training  on  the  CRM  software 
and  up  to  150  people  received  training  on 
ClickSchedule  before  the  software  was 


rolled  out  to  each  division.  By  training  a 
handful  of  key  users  first,  the  trainers  could 
answer  many  of  the  questions  that  came 
up  during  the  main  training  program  be¬ 
cause  many  of  these  questions  also  came 
up  during  the  initial  training. 

So  what’s  Hemker’s  advice  for  IT  execu¬ 


tives  who  are  just  about  to  roll  out  an  enter¬ 
prise-wide  application?  Sell  it  to  your  key 
end  users  by  training  them  first  so  they  can 
provide  input  and  evangelize  about  the 
new  application  to  their  colleagues  before 
general  rollout  and  training,  and  to  get  top- 
level  buy-in  from  the  beginning.  ■ 


■  BY  LINDA  LEUNG 


You’re  about  to  roll  out  an  enterprise 
application  that  touches  most  parts  of  the 
organization,  how  should  you  go  about 
training  the  end  users  whose  way  of  work¬ 
ing  will  dramatically  change  when  the 
new  software  is  introduced?  That  was  the 
issue  broadband  service  provider  Knology 
was  confronted  with  when  it  rolled  out  an 
integrated  CRM  and  field-service  job¬ 
scheduling  application  to  the  nine  cities  in 
five  Southeast  states  where  it  operates. 

Knology  —  which  provides  bundled 
communication  services  to  customers  in 
midsize  cities  in  Alabama,  Florida,  Georgia, 
South  Carolina  and  Tennessee  —  intro¬ 
duced  Clarify’s  CRM  system  integrated 
with  ClickSoftware’s  ClickSchedule  appli¬ 
cation  to  help  it  consolidate  its  call  center 
and  job  scheduling  functions. 

Before  the  software  was  introduced,  the 
central  customer  service  rep  juggled  differ¬ 
ent  scheduling  methods  that  each  city 
used,  says  Rob  Hemker,  senior  IT  manager 
of  applications  and  development  at 
Knology  Also,  the  traditional  method  relied 
too  much  on  the  dispatchers  —  the  work¬ 
ers  who  interface  between  field  techni¬ 
cians  and  customer  service  reps  —  know¬ 
ing  the  city  layout.  Often,  technicians  were 
dispatched  to  jobs  based  on  availability  or 
convenience  rather  than  on  the  engineer’s 
proximity  or  specific  skills,  he  says.  Now, 
ClickSchedule  schedules  jobs  to  whoever 
is  the  closest  or  who  is  best  skilled  to  solve 
the  customer’s  problem.  The  software 
allows  the  dispatcher  to  see  how  each 
engineer  is  doing  throughout  the  day  and 
whether  he  can  take  on  more  jobs. 

Knology  trained  the  corporate  training 
staff  and  a  handful  of  key  users  on  the 
CRM  and  scheduling  software  six  weeks 
before  system  launch.The  idea  was  to  “sell” 
the  software  and  functions  to  these  users 
who  could  give  their  feedback  on  the 
application  and  promote  the  benefits  of 
the  software  to  their  colleagues  before  the 
rest  of  the  company  received  training. 
Knology’s  vice  president  of  operations  also 
championed  the  software  throughout  the 
organization. 

“Change  presents  both  opportunities  and 
challenges.  We  have  used  sales  to  focus  on 
the  opportunities,”  Hemker  says.  “We  are 
becoming  more  efficient  and  freeing  them 
to  do  other  things."This  initial  training  exer- 
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U66  has  a  positive  experience  with  MPLS 


8  BY  CAROLYN  DUFFY  MARSAN 

When  it  comes  to  IP  VPN  services,  what 
do  you  care  most  about?  For  Mitch 
Barlow,  CTO  of  United  Communications 
Group,  the  answer  is  easy:  uptime. 

In  the  five  months  since  Barlow 
switched  from  private  line  services  to  a 
managed  IP  VPN  service  from  AT&T,  UCG 
has  not  experienced  any  downtime.  The 
one  significant  problem  UCG  has  faced  — 
a  virus-infected  laptop  that  was  sending 
out  so  much  traffic  that  it  slowed  overall 
network  performance  —  was  quickly 
identified  and  resolved. 

“My  top  three  priorities  for  our  VPN  ser¬ 
vices  are  uptime, having  consistent  speeds 
on  the  network,  and  having  the  ability  to 
quickly  isolate  problems,”  Barlow  says.  He 
adds  that  so  far  he  is  happy  with  his  deci¬ 
sion  to  migrate  off  a  private  network  to  an 
AT&T  service  based  on  Multi-protocol 
Label  Switching  (MPLS)  technology. 

UCG  is  a  Rockville,  Md.,  provider  of  busi¬ 
ness  publications,  conferences  and  soft¬ 
ware.  Growing  rapidly  through  acquisition, 
UCG  found  that  its  point-to-point  network 


built  out  of  private  circuits  was  unable  to 
support  new  locations  and  applications  in 
a  cost-effective  manner. 

“We  have  a  lot  of  communications  be 
tween  our  Maine  and  Florida  sites,  and  all 
of  that  had  to  come  through  Rockville,”  Bar- 
low  says.“It  was  getting  too  expensive  and 
taking  up  too  much  time  to  have  a  hub- 
and-spoke  network  design.  And  it  was  get¬ 
ting  hard  for  us  to  add  new  applications 
like  videoconferencing.” 

Last  year,  UCG  decided  to  replace  its 
network  with  an  IP  VPN.  After  talking 
with  AT&T  and  Sprint,  UCG  chose  AT&T 
as  its  ISP 

Since  October,  AT&T  has  been  provid¬ 
ing  UCG  with  MPLS-based  services  that 
link  the  company’s  headquarters  in 
Maryland  with  offices  in  California, 
Florida,  Maine,  Massachusetts  and  New 
Jersey.  A  Washington  state  office  will  be 
added  this  spring. 

UCG’s  1,200  employees  have  access  to 
the  VPN,  which  carries  e-mail  and  video- 
conferencing.  The  VPN  also  supports  key 
business  applications  including  financial 
reporting,  subscription  processing  and 


data  replication. 

“We  have  not  gone  to  voice  over  IP  yet,” 
Barlow  says.  “We’re  experimenting  with  it 
in  our  Rockville  office,  and  they’ve 
switched  to  VoIP  for  local  traffic  in  our 
New  Jersey  and  California  offices.” 

UCG  hasn’t  taken  advantage  of  any  of 
AT&T’s  managed  security  services  such 
as  personal  firewall  service  or  Internet 
Protect,  which  proactively  seeks  out 
viruses,  worms  and  other  Internet-based 
threats. 

“There’s  a  sense  of  control  you  get 
when  you  manage  your  own  firewalls,” 
Barlow  says.“We  believe  we  need  to  con¬ 
trol  that.” 

Barlow  says  he  might  eventually  out¬ 
source  firewall  management  if  he  is  sure 
that  he  can  make  immediate  changes  to 
firewall  configurations  without  needing  to 
contact  AT&T. 

“We  know  we  can’t  see  every  problem,” 
he  says.  “We  need  to  feel  confident  in  the 
network-level  firewall  services.” 

Barlow  says  his  MPLS-based  services 
cost  less  than  they  would  have  cost  to  link 
new  sites  to  the  old  private  line  network. 


“It’s  much  cheaper  than  going  with  point- 
to-point  links  to  the  new  sites,”  he  says. 

Overall,  Barlow  says  he  is  pleased  with 
his  decision  to  migrate  to  AT&T’s  MPLS- 
based  services. 

“We  are  comfortable  and  happy  with 
our  AT&T  services  today”  Barlow  says. 
However,  he  adds  that  he  has  some  wor¬ 
ries  about  the  pending  merger  of  AT&T 
with  SBC  Communications.  “Could  the 
merger  with  SBC  change  that?  Yes,  but  I’m 
hoping  that  won’t  happen.” 

Do  you  have  a  migration  story  that  you'd 
like  to  share?  Contact  me  at  cmarsan@ 
nww.com  to  tell  other  network  executives 
about  the  successes  (or  failures)  you've 
experienced  with  your  ISP 
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Anexeon  Communications,  powered  by  CommPartners,  offers  the 
nation’s  first  hosted  VoIP  service  with  CLEC  certification  in  all 
50  states.  Providing  a  groundbreaking  sales  channel  model  for 
information  technology  integrators  and  service  providers,  Anexeon 
Communications  can  help  partners  increase  profits  by  delivering  cut¬ 
ting  edge  technology  through  a  user-friendly  turnkey  business  model. 

702-938-0365  •  www.anexeoncomm.com 


BOOTH 


Array  Networks 

Array  Networks  is  a  world  leader  in  secure  application  acceleration 
and  deployment  appliances  for  global  enterprises.  Built  upon  the  Array 
SpeedStack™  technology,  Array’s  unified  secure  content  access  and 
acceleration  solutions  enable  industry-leading  performance,  integration, 
scalability  and  ease  of  implementation  and  management.  Headquartered 
in  Campbell,  California  with  sales  offices  in  the  U.S.,  Europe,  Asia  Pacific 
and  Latin  America,  Array  engineers  and  manufactures  its  products  in 
the  Silicon  Valley  and  sells  them  through  direct  and  indirect  channels 
across  the  globe. 

866-MY-ARRAY  •  www.arraynetworks.net 
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▼  BeatBox 

Technologies 

BeatBox  Technologies 

BeatBox  Technologies’  Capture  appliance  passively  monitors  a  Web 
site’s  actual  network  traffic  to  detect  errors,  performance  problems, 
fraudulent  transactions  and  security  threats.  BeatBox  Replay  visually 
replays  visitor  sessions  for  troubleshooting.  BeatBox  Replicate  replicates 
real-user  Web  site  traffic  into  a  QA  environment  for  testing  purposes. 


BOOTH 

2281 


Covaro  Networks,  Inc. 

Covaro  enables  service  providers  and  enterprise  customers  alike  to  offer 
intelligent  Ethernet  services  profitably  over  any  facility  —  copper,  fiber, 
SONET/SDH  and  DS3/DS1  (E3/E1).  Using  Covaro’s  unique  Etherjack® 
demarcation  technology,  service  providers  can  offer  carrier-grade  service 
definition,  monitoring  and  diagnostics  for  Ethernet-based  services. 
Covaro  Networks  is  headquartered  in  Richardson,  Texas. 


888-446-BEAT  •  www.beatboxtech.com 


972-759-1200  •  www.covaro.com 
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Berkeley  Varitronics  Systems 

BumbleBee™  is  a  precision  calibrated  spectrum  analyzer  that  interfaces 
with  HP's  iPAQ®  PocketPC®  and  measures  4  distinct  wireless  bands: 
900  MHz,  2. 4-2. 5  GHz,  5. 1-3.5  GHz  and  5.5-5. 9  GHz.  Users  can 
capture,  display  and  analyze  each  band  for  network  installation,  RF 
coverage  and  interference  for  standards  including  RFID,  VoIP, 
802.11(b,a,g  &  Bluetooth)  and  cordless  phones/video. 

732-548-3737  •  www.bvsystems.com 
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Crescendo  Networks 


Technology  leader  Crescendo  Networks  provides  high-performance 
application  delivery  and  acceleration  for  enterprises  and  Web  sites. 
The  unique  design  of  Crescendo’s  Maestro  Application  Delivery 
Platform  brings  instant  relief  to  overburdened  data  centers  today  — 
and  is  the  only  solution  built  to  be  part  of  the  emerging  new  data 
center  architectures.  Crescendo  Networks  delivers  high-performance 
data  center  solutions  across  the  globe. 

866-830-0400  •  732-713-4014  •  www.crescendonetworks.com 


Cipher  Solutions,  Inc. 

Cipher  Solutions  offers  Compliance,  Storage,  PKI  and  Network  Security 
Services.  ID  Thefts,  Compliance,  Exponential  growth  of  corporate  data. 
Enterprise  customers:  Cipher  Solutions  provides  assessments,  design, 
and  implementation  assistance  for  PKI,  Electronic  Signatures,  Storage 
Networks  and  Compliance. 

Vendors:  Cipher  Solutions  develops  market  positioning,  competitive 
analysis  and  design  for  Network  Security  and  Storage  Security  products. 

For  more  information  call  (919)  349-0549. 


BOOTH 
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Eicon  Networks 


Eicon  Networks  is  a  world  leader  in  high-quality  communication 
products  for  networked  business  applications.  The  Eicon  Shiva  VPN 
Gateway  family  of  products  are  proven  easy-to-use  VPN  and  firewall 
solutions  that  allow  remote  office  workers  within  enterprises  with 
multiple  locations  to  securely  connect  to  one  another. 


919-848-3040  •  www.CipherSolutions.com 


800-80-EICON  •  972-473-4533  •  www.eicon.com 
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Configuresoft,  Inc. 

Gartner  says  Configuresoft  “is  one  of  the  rare  companies  that  success¬ 
fully  span  both  ‘Operations’  and  ‘IT  Security.’”  Configuresoft  is  the 
industry  leader  in  highly  scalable  assessment,  enterprise  policy  compli¬ 
ance,  configuration  management,  and  remediation  technology.  Through 
comprehensive,  CMDB-information  collection,  organizations  ensure 
their  actual/current  state  conforms  to  any  desired  or  mandated  state. 

719-447-4600  •  www.configuresoft.com 
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^  Focused  Development  of  System  Management  Tools 

Executive  Software 

Executive  Software,  best  known  as  the  developer  of  Diskeeper®,  the 
Number  One  automatic  defragmenter,  helps  organizations  cope  with 
increasing  demands  by  developing  “Set  It  and  Forget  It®”  utilities  that 
enable  administrators  to  get  more  done  with  fewer  resources.  Free  trial 
editions  of  Diskeeper,  Sitekeeper  and  Undelete  available  at  their  Web  site. 

818-771-1600  •  www.executive.com/nww 
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FineGround 

WAN  Business  at  LAN  Speeds 

FineGround 


FineGround,  is  the  industry  leader  in  accelerating  and  optimizing  the 
performance  of  applications  and  file  services  across  the  extended  enter¬ 
prise.  FineGround  solutions  are  used  by  global  enterprises  including 
Alcoa,  BMW,  Cargill,  Sun  Microsystems,  Walgreens  and  Whirlpool. 
FineGround  is  privately  held,  headquartered  in  Campbell,  California, 
and  on  the  Web  at  www. fineground.com 

800-WAN2LAN  •  www.fineground.com 
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Fluke  Networks 

Fluke  Networks  provides  innovative  solutions  for  the  testing,  monitor¬ 
ing  and  analysis  of  enterprise  and  telecommunications  networks;  and 
the  installation  and  certification  of  the  fiber  and  copper  foundation  of 
those  networks.  Our  comprehensive  line  of  Network  Supervision 
Solutions  provides  network  installers,  owners  and  maintainers  with 
superior  vision-combining  speed,  accuracy  and  ease  of  use  to  optimize 
network  performance. 

800-283-5853  •  www.flukenetworks.com 
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optical  systems 


Metrobility 


Metrobility  Optical  Systems  designs  and  delivers  optical  access, 
connectivity  and  wavelength  multiplexing  solutions  to  enable  users 
to  integrate  and  manage  legacy  and  evolving  Ethernet  networking  tech¬ 
nologies  to  support  mission-critical  applications  for  enterprise  and 
triple-play  requirements  for  metro  Ethernet  access  networks.  Additional 
information  about  the  company  may  be  found  at  www.metrobility.com. 


800-952-6227  •  603-880-1833  •  www.metrobility.com 
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MRV  Communications 

Founded  in  1988,  MRV  Communications  provides  leading-edge 
Enterprise  solutions  —  Secure,  Advanced  Accessibility  for  your 
Network.  Our  media  cross  connect  physical  layer  switch  and  secure, 
remote  console  server  solutions  provide  you  with  infinite  flexibility  and 
ease  in  managing  your  network.  We  also  provide  a  broad  range  of 
media  converters,  optical  transport  WDM  systems  and  optical  switches. 

800-338-5316  •  www.mrv.com 
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Mycom  Group,  Inc. 

mycomPRO®  mailMAX™  protects  against  the  risks  of  e-mail.  The 
managed  service  provides  tools  for  enforcing  e-mail  policies,  scans 
for  content  with  liability  potential,  filters  spam  and  viruses.  Debuting 
at  N+I  are  add-ons  for  PGP™  based  encryption,  and  archiving.  VARs 
and  ISPs  reselling  mailMAX™  leverage  our  infrastructure  to  generate 
recurring  revenue. 


800-536-7539  •  www.mycompro.com 
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Network  Instruments,  LLC 

Network  Instruments  is  the  industry-leading  developer  of 
distributed,  user-friendly  and  affordable  network  management, 
analysis  and  troubleshooting  solutions.  The  award-winning  Observer 
family  of  products  combines  a  comprehensive  management  and 
analysis  console  with  high-performance  probes  and  network  TAPs 
to  provide  integrated  monitoring  and  management  for  the  entire 
network  (LAN,  802.11  a/b/g,  gigabit,  WAN). 

800-526-7919  •  952-932-9899  •  www.nefworkinstrumenfs.com 
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Raritan. 

When  you’re  ready  to  take  control.™ 


Raritan  Computer  Inc. 

Raritan  Computer  Inc.  is  a  leading  provider  of  solutions  for  managing 
IT  infrastructure  equipment,  such  as  servers  and  networking  hardware, 
and  the  mission-critical  applications  and  services  that  run  on  it. 
Raritan’s  highly  reliable  and  responsive  IT  management  solutions  — 
based  on  KVM  switches,  serial  console  servers,  remote  connectivity 
products  and  management  software  —  enable  companies  to  quickly 
pinpoint  problems,  as  well  as  access  and  repair  faults  from  anywhere, 
at  anytime. 

800-724-8090  •  732-764-8886  •  www.raritan.com 
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Redline  Networks 


Redline  Networks  manufactures  network  appliances  that  maximize  the 
performance  and  security  of  Web-enabled  enterprise  applications. 

The  company's  family  of  application  front  ends,  deployed  at  corporate 
data  centers,  and  web  I/O  processors,  used  by  Web  sites,  enable  users 
to  control  and  customize  any  HTTP-based  environment  while  reducing 
infrastructure  cost  and  complexity. 

877-550-6420  •  www.RedlineNetworks.com 
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Rose  Electronics 


The  UltraMatrix  Remote  is  a  powerful  product  that  extends  the  range 
and  scope  of  your  user  stations  to  control  your  servers  around  the 
office,  around  the  country  and  around  the  world.  With  its  superior 
quality,  robust  feature  set,  durability,  expandability  and  free  life-time 
firmware  upgrades,  the  UltraMatrix  Remote  is  an  outstanding  value 
for  IT  departments. 

281-933-7673  •  800-333-9343  •  www.rose.com 
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Spirent  Communications 

Spirent  develops  a  comprehensive  suite  of  network  testing  products 
that  addresses  the  unique  needs  of  Enterprise  customers.  The  compa¬ 
ny's  solutions  test  every  facet  of  the  enterprise  network  —  from  appli¬ 
cations  and  security  to  Voice  over  IP  and  network  infrastructure  — 
helping  users  increase  security  and  improve  the  performance  and 
availability  of  their  networks. 

800-927-2660  •  www.spirentcom.com/enterprise 
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SurfControl* 

Enterprise  Threat  Protection 


SurfControl 

SurfControl  is  the  worlds  leading  Internet  security  company  stopping 
blended  and  malicious  digital  threats  from  assaulting  companies. 
SurfControl  Enterprise  Protection  Suite™  is  the  only  threat  manage¬ 
ment  system  with  Adaptive  Threat  Intelligence™  to  continuously  filter 
inbound  and  outbound  Web,  e-mail  and  IM-P2P  traffic.  Thus, 
SurfControl’s  customers  are  protected  against  known,  emerging, 
internal  and  customer-specific  threats. 

*On  display  in  Cicso’s  booth  1424  and  Juniper  Networks’  booths  1448  and  915-2. 

800-368-3636  •  www.surfcontrol.com 
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Websense,  Inc. 

Websense®,  Inc.  is  the  global  leader  in  employee  Internet  management 
solutions.  Websense  products  increase  employee  Internet  productivity 
and  secure  organizations  from  emerging  Internet  threats  by  providing 
a  proactive  security  component  that  complements  traditional  security 
solutions.  Websense  provides  solutions  trusted  by  more  than  24,000 
customers  and  19.8  million  employees  worldwide. 


858-320-8000  •  www.websense.com 
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Zultys  Technologies 

The  Smarter  Solution  for  Business  VoIP 

Zultys  Technologies  is  a  premier  manufacturer  of  communications 
equipment  for  businesses  and  enterprises,  providing  solutions  that 
increase  worker  productivity  and  scale  for  future  growth.  All  Zultys 
products  are  based  entirely  on  open  standards,  ensuring  ease  of  deploy¬ 
ment  and  management  while  maintaining  complete  interoperability. 

408-328-0450  •  www.zultys.com 


All  efforts  have  been  made  to  make  this  listing  as  complete  and  accurate  as  possible.  Network  World  is  not  liable  for  errors  or  omissions. 


Shopping  for  software  maintenance 

Take  care  to  avoid  paying  for  service,  support  and  upgrades  that  you  neither  need  nor  want. 


■  BY  JOHN  FONTANA 

As  for  any  discerning  shopper,  value  is  the  end  goal  for  companies  buying  software  licens¬ 
es  and  maintenance  contracts  for  service,  support  and  upgrades.  However,  the  problem  is 
that  today  it  is  getting  harder  to  calculate  if  the  goal  has  been  met  or  can  be  met. 


For  Kennametal,  a  Latrobe,  Pa.,  manufacturer  of  tools  and 
heavy  machinery  for  industries  such  as  mining  and  con¬ 
struction,  those  calculations  started  to  get  foggy  over  the 
past  three  years  as  the  maintenance  costs  on  its  IBM  soft¬ 
ware  increased  by  double  digits. 

With  such  rising  rates,  all  companies  are  left  with  the 
issue  of  figuring  out  the  business  value  of  continuing  to 
pay  for  maintenance  contracts.  “You  have  to  know  where 
the  product  is  headed,” says  Brian  Forsyth, software  systems 
analyst  for  Kennametal.  “You  have  to  know  how  many 
times  you  used  your  [previous]  contract,  just  what  the  ven¬ 
dor  did  for  you  and  whether  you  could  have  gotten  it 
resolved  without  the  contract.  Every  vendor  wants  to  sell 
you  maintenance,  but  you  have  to  determine  what  that 
means  to  your  business  model.” 

It’s  not  an  easy  game  anymore,  according  to  users  who 
say  calculations  also  turn  on  how  many  years  the  software 
will  be  used  before  being  upgraded;  how  the  software  is 
licensed,  such  as  by  server  or  by  CPU;  how  critical  the  sys¬ 
tems  are  to  a  business;  what  is  added  in  terms  of  perks  such 
as  training  vouchers;  and  the  value  of  the  advice  on  the 
other  end  of  the  phone. 

Making  mistakes  is  getting  more  and  more  costly  experts 
say  Gartner  research  shows  that  the  cost  of  maintenance  is 
now  on  average  21%  of  the  purchase  price  of  the  product. 

“In  the  mainframe  days,  maintenance  was  about  12%  to 
15%  of  the  licensing  costs.  No  one  sells  it  for  that  these 
days”  says  Alvin  Park,  an  analyst  with  Gartner.  Among  the 
top  vendors, Oracle  is  22%, IBM  is  25%, and  Microsoft  is  25% 
on  the  server  and  29%  on  the  desktop,  he  says. 

Those  numbers  are  forcing  users  to  circle  their  decision¬ 
makers  and  come  up  with  strategies  to  ensure  they  aren’t 
paying  for  unnecessary  software  or  services.  “The  issue  is 
figuring  out  just  what  you  own  and  determining  when  is 
the  best  time  to  buy  more,”  Forsyth  says. 

Kennametal’s  strategy  is  to  do  yearly  license  renewals  for 
its  nearly  7,000  seats  of  Lotus  Notes/Domino.  “IBM  has 
added  a  lot  of  enhancements  to  the  contract  like  adding 
access  to  instant  messaging  and  Web  conferencing,  so 
there  is  some  value  there  other  than  stock  standard  main¬ 
tenance,”  Forsyth  says.  He  adds  that  those  enhancements 
help  offset  the  8%  to  12%  rise  in  maintenance  costs  he  has 
seen  over  the  past  three  years. 

Microsoft  also  has  spent  the  past  18  months  adding 
enhancements  to  its  Software  Assurance  program  such  as 
giving  users  rights  to  install  the  software  on  their  home 
machines  and  providing  training  vouchers  for  IT  adminis¬ 


trators.Those  benefits  represent  the  majority  of  the  value  in 
a  maintenance  contract  when  a  product  upgrade  doesn’t 
fall  within  the  length  of  the  contract. 

“Software  Assurance  is  something  that  Microsoft  has 
updated  to  give  companies  some  additional  benefits  for 
the  amount  of  money  they  pay  because  sometimes  prod¬ 
uct  upgrades  come  out  and  sometimes  they  do  not,”  says 
Pam  Peschel,  business  support  specialist  for  Denver  Water 
in  Denver. 


Maintenance  moves 

Negotiate  software  maintenance  agreements 

by  taking  into  account  these  basic 

recommendations: 

-  ,  .J  .'  L.  -  •  ■  t __  ...  '  v  _ _  ______ _ _____ 

•  Make  sure  the  percentage  of  licensing  costs  you 
pay  for  software  maintenance  is  based  on  the 
negotiated  discount  price  and  not  the  "then 
current  list  price.” 

•  Have  the  vendor  remove  the  words  “then  current 
list  price"  everywhere  it  appears  in  the  contract. 

•  Lock  in  the  maintenance  price  for  three  years  to 
prevent  increases  from  one  year  to  the  next. 

•  Include  a  clause  in  contract  stipulating  that  at 
renewal  any  price  hike  in  maintenance  cost  will 
be  limited  to  some  predetermined  percentage  or 
increase. 

SOURCE:  GARTNER 

Peschel  says  she  turned  to  Microsoft’s  Enterprise 
Agreement  site  license  as  opposed  to  buying  licenses  for 
each  individual  product.  The  decision  made  sense 
because  Denver  Water  upgrades  on  a  regular  cycle  and 
finds  that  the  additional  maintenance  benefits,  such  as 
home  use  rights,  provide  a  discernable  value. 

“Because  we  have  continual  maintenance  we  don’t  have 
to  go  out  and  buy  upgrades,  and  that  has  made  a  big  dif- 
ference.You  have  to  think  long-term, ’’says  Peschel,  who  sup¬ 
ports  950  desktops  and  pegs  her  yearly  maintenance  fees 
for  Microsoft  and  third-party  software  at  $150,000. 

And  users  say  you  have  to  think  across  the  entire  orga¬ 
nization. 


“Today  our  CIO  has  a  more  direct  link  with  the  CIOs  of  our 
business  units,”  says  Chip  Goodall,  senior  business  analyst 
for  Carlson  Shared  Services, a  travel, hospitality  and  market¬ 
ing  company  in  Minneapolis.  “We  are  involving  more 
departments  than  in  the  past,  and  the  CIO  drives  these  cen¬ 
tralized  [licensing  and  maintenance]  agreements.” 

However,  Goodall  says  the  licensing  game  is  getting  trick¬ 
ier  because  vendors  sometimes  change  the  way  products 
are  licensed,  such  as  CPU-based  pricing  that  has  been 
adopted  for  products  such  as  databases.  “Vendors  are 
always  looking  at  how  they  can  update  their  licensing,  and 
we  are  always  trying  to  evaluate  those  changes  vs.  what  the 
value  of  that  contract  is  to  our  business,”  he  says. 

Users  say  when  those  changes  come  in,  contracts  are 
sent  directly  to  corporate  lawyers  for  review. 

Some  users  have  taken  those  evaluations  to  creative  lev¬ 
els,  playing  all  the  angles  and  all  the  options  that  are  open 
to  them. 

Scott  Matthews,  CTO  of  Digitech  Systems,  found  Micro¬ 
soft’s  Software  Assurance  too  costly  for  his  small  to  midsize 
business.  So  he  got  creative,  using  the  company’s  expertise 
in  software  development  to  its  advantage. 

Matthews  discovered  that  certifying  the  company’s  soft¬ 
ware  under  the  Microsoft  Certified  Partner  program  enti¬ 
tled  Digitech  to  10  licenses  to  various  Microsoft  products 
for  internal  use  at  no  cost.The  Greenwood,  Colo.,  compa¬ 
ny  is  now  in  the  process  of  moving  to  Gold  Partner  status, 
which  will  give  it  100  licenses  for  the  Microsoft  products 
it  uses. 

And  given  Digitech’s  independent  software  vendor  (1SV) 
status,  they  also  receive  technical  support  on  those  prod¬ 
ucts  through  Microsoft  Developer  Network  services. 

“We  get  better  technical  support  then  what  we  were  get¬ 
ting  through  Software  Assurance,”  says  Matthews,  who  says 
the  less-than-$2,000  price  tag  for  the  partner  program  in 
addition  to  related  certification  testing  and  development 
costs  pales  in  comparison  to  his  Software  Assurance  bill, 
which  was  pushing  $70,000. 

Yet  the  certification  hasn’t  eliminated  the  need  to  license 
software  from  Microsoft  because  the  deal  doesn’t  include 
such  things  as  the  SQL  Server  Enterprise  Edition  that 
Digitech  runs. 

There  are  drawbacks  and  risks,  though.  If  the  ISV  loses 
partner  status,  it  also  loses  rights  to  run  the  Microsoft  soft¬ 
ware  that  may  well  be  running  its  business  operations. With 
Software  Assurance,  even  after  the  contract  expires  users 
can  continue  to  run  the  software  they  purchased. 

“Microsoft  has  every  right  to  change  its  business  model,” 
Matthews  says.  “Sometimes  that  comes  at  a  cost  to  your 
customers  and  partners.  Our  way  of  solving  the  problem 
was  to  come  closer  to  Microsoft.” 

It  is  such  creativity  and  attention  to  detail  that  is  helping 
companies  turn  themselves  into  savvy  licensing  shop¬ 
pers,  experts  say.  ■ 


YOUR  INFRASTRUCTURE  MAY  PROTECT  EMPLOYEES  INSIDE. 

What  protects  employees  outside? 


She  works  from  home.  She  works  from  the  road.  And  she  endangers 
the  network  everywhere  she  goes.  That's  why  you  need  Websense 
software — to  provide  security  protection  at  the  desktop  and  beyond. 
Close  the  security  gap.  Download  your  free  evaluation  today. 
www.websense.com/mobile5 


SECURING  PRODUCTIVITY, m 


©  2005  Websense,  Inc.  All  nghts  reserved.  Websense  is  a  registered  trademark  of  Websense,  Inc.  in  the  United  States  and  certain  international  markets. 


A  fun  and  informative  site  for  anyone  who's  ever 
been  in  the  data  center  when  the  bells  start  ringing. 

Securely  access  and  control  your  IT  infrastructure  with  solutions  that  simplify  and 
accelerate  incident  response,  service  restoration,  problem  diagnosis  and  repair  - 
helping  to  reduce  complexity,  MTTR  and  downtime,  while  improving  productivity, 
flexibility  and  ROI. 


ili  Raritan. 

When  you're  ready  to  take  control.™ 


SAVE  $129 


NetworkWorld  ^ 

Apply  for  a  FREE  Subscription 

($129  value) 


•  51  weekly  issues  •  Product  tests  and  reviews 

•  Expert  opinion  •  6  special  issues 


Subscribe  today  at  my.nww.com 

enter  priority  code  B04A 


SAVE  $129 


Subscribe  today  at 


my.nww.com 

Enter  priority  code  B04A  and  SAVE  $129 

NetworkWorld' 


piss 


Web -based  access 


Centralized  system  management 

Remote  incident  resolution 


Eniov  the  maaie 


Secure  KVM  over  IP  switch 


KVM 


over  IP 


Cyclades  AlterPath™  KVM/net 
offers  a  unique  set  of  features: 

■  Server-based  authentication 
(NT  domain,  LDAP,  Secure  ID,  RADIUS,  TACACS+) 

■  16  and  32  port  models 

■  CAT5  cabling  up  to  500  feet 

■  User  access  logging 

■  System  event  syslog 

■  Integrated  power  management 

We've  worked  our  magic. 

Now  you  can  work  yours. 


Over  85%  of  Fortune  100 
choose  Cyclades. 

www.cyclades.com/nw 

1.888.cyclades  «  sales@cyclades.com 


cyciades 


02004  Cfdotfas  Corporation.  AH  rights  reserved.  Afl  other  trmfanorb  and  product  imoges  are  property  oi  rfieir  respective  owners.  Product  information  subject  to  chonge  without  notice. 


KH 


T'..‘  ■ 


.  ..ail 


www.networkworld.com 


www.chatsworth.com  800-834-4969 


CPI  offers  horizontal  and  vertical  cable  managers,  overhead  cable 
runway  and  cable  trays  that  manage,  protect  and  guide  cables  to 

Organize. 


Space-saving  2-post  and  4-post  racks,  freestanding  cabinets, 
wall-mount  racks  and  cabinets,  equipment  shelves,  and  zone  and 
wireless  enclosures  that  locate,  support  and  enclose  equipment  to 

Store. 


Visit  our  booth  at  Networld  Interop  (#1865)  and 
the  BICSI  Spring  Conference  (#1017). 


Electronic  locking  systems,  seismic  bracing,  thermal  management, 
power  distribution  and  management  and  grounding  and  bonding 
products  that  lock,  brace,  cool  and  power 
equipment  to  Secure. 


Organize. 

Store. 

Secure- 

IcpI 

CHATSWORTH 
PRODUCTS.  INC. 

_ J 

TAP  into  Performance 

Monitor  mission-critical  links  with  the 
latest  technology  through  new  /rTAPs 


Stop  jeopardizing  network  performance  and  risking  costly  downtime.  Be  confident  you 
have  maximum  visibility  into  your  full-duplex  links  by  configuring  an  r/TAP  solution  that 
fits  your  network  and  budget.  Visit  www.networkTAPs.com/visibiiity  today. 


Ethernet  Copper  nTAP 

For  copper -to  copper  connections 
Choose  your  speed: 

10/100 . $395 

10/100/1000  . $995 


10/100/100 

Copper  input  with  copper  or 
fiber  output  options 
Choose  your  analysis  output: 

SX . „...$!, 995 

LX . . . $1,995 


/:  LAP 

Multiple  split  ratios 

Choose  your  port  density: 

Single  channel . 

$395 

Four  channel . 

.$1,5  5 

'  Six  channel . 

$2,395 

To  learn  more  about  how  nTAPs  can  boost  your  network  visibility  and  which  configuration  option 
is  best  for  you,  go  to  www.networkTAPs.com/visibility  or  call  866-GET-/1TAP  today. 

Free  overnight  delivery.* 


m  ce 


•Free  overnight  delivery  on  all  U.S.  orders  over  $300.00  confirmed  before  12  pm  CST. 

nTAP  and  the  nW  logo  are  trademarks  or  registered  trademarks  of  Network  Instruments,  ILC. 


itTAP1 


Extending  the  Enterprise  LAN 
with  Metro  Ethernet  Services 


Metrobility  makes  it  easy  to  deploy 
optical  Ethernet  services  across  the 
campus,  across  town,  and  across  the 
Internet.  With  support  for  multimode, 
singlemode,  and  wavelength  multiplexing 
even  the  most  demanding  requirements 
can  be  met. 


The  E-Services  N!D 

Intelligent,  secure  demarcation 
for  Ethernet  in  the  First  Mile 


Multi-level  standards-based  management 
and  enhanced  diagnostic  capabilities  mean 
staff  training  will  be  minimized  and 
network  reliability  and  performance  are 
improved. 


See  us  at  Networld+lnterop 
Booth  2117 

www.metrobility.com  ph:  1.603.880.1833 


Find  out  how  Metrobility  can  help  you 
extend  your  LAN  and  maximize  your 
infrastructure  with  optical  Ethernet. 


toll-free  1.800.952.6227 


METRobility 

**  optical  systems* 


CDI  offers: 

Hardware  encryption  over  dial-up 
and  network  connections 
RSA  certified  SecurlD  authentication 
without  a  network. 

Patented  central  management  of  all 
remote  devices 


Full  NIST,  FIPS  1 40-2  certifications 

Remote  Power  control 

Homologous  world-wide  approved 
internal  modems 


CDI  has  been  building  encryption  equipment  for  over  fifteen  years.  Our  customers  and  partners  include 
major  financial  institutions,  government  agencies,  major  telcos,  utilities,  and  the  United  States  military. 


Communication  Devices  Inc. 
www.outofbandmanagement.com 


REAL  SECURITY 


REAL  CROSS-PLATFORM 


REAL  SUPPORT  OPTIONS 


Nothing  comes 
remotely  close 


Are  you  adrift  in  a  sea  of  remote  support  software 
options  -  but  with  none  that  meet  all  your  needs? 
NetOp  Remote- Control  is  different.  Unlike  the  bargain 
products  or  those  buried  in  other  applications  - 
NetOp  is  designed  specifically  to  meet  the  remote 
support  and  administration  needs  of  professional 
users  like  you.  NetOp  is  remarkably  flexible,  letting 
you  securely  access  users  running  virtually  any 
operating  system  and  connect  across  all  standard 
communication  protocols.  NetOp's  incredible  speed 
let's  you  quickly  fix  problems  on  distant  LANs,  over 
the  Internet,  or  even  over  slow  modem  connections. 
But  even  more  importantly,  you  can  do  all  this  in 
total  safety,  thanks  to  NetOp's  unparalleled  set  of 
security,  compliance  and  auditing  features.  Give 
your  organization  the  support  -  and  protection  -  it 
deserves.  NetOp  Remote  Control  -  Nothing 
comes  remotely  close. 


Centralized  user  rights, 
authentication  and 
authorization;  multiple 
passwords,  notification 
options  and  encryption 
levels;  advanced  logging, 
session  recording  and 
more.  Optional  Security, 
Name  and  Gateway  server 
modules. 


Access  any  Windows,  Linux 
or  Mac  OS  X  system  from 
your  Windows,  Linux  or 
Solaris  desktop,  a  web 
browser,  Pocket  PC 
handheld,  via  Terminal 
Services,  dial-up  modems 
or  even  launch  NetOp  from 
your  USB  Thumb  Drive  on 
a  temporary  PC. 


Award-winning  remote 
control,  inventory,  remote 
management,  file  transfers, 
VoIP  &  text  chat,  scripting; 
tightly  integrates  with 
systems  management 
applications;  configure  & 
deploy  to  remote  users; 
session  recording  and 
playback,  and  much  more. 


Download  an 
evaluation  copy  at 

www.RemoteControlSW.com 


NetOp 

Remote  Control 


www.networkworld.com 


Overheated? 


Plug  In 

The  Simple 
Solution. 


MovinCool  spot  air  conditioners 

are  the  answer  to  your  overheating 

problems.  Just  roll  it  in.  Plug  it  in. 

Turn  it  on.  It’s  that  simple. 

►Up  to  60,000  Btu/h  of  cooling 
power  right  where  and  when 
you  need  it 

►Protects  against  data  loss  and 
equipment  failure 

►#1  in  portable  air  conditioning 
for  over  30  years 

►The  only  portable  air 
conditioner  ETL-verified 
for  performance 


ViSlT  Qhb 
N+l  SHn... 


■m 


/VO/INCOOL 


® 


THE  #1  PORTABLE  SPOT  COOLING  SOLUTION 

800-264-9573  or  visit  www.movincool.com 

©2005  DENSO  Sales  California,  Inc.  MovinCool,  SpotCool  and  Office  Pro  are  registered  trademarks  of  DENSO  Corporation. 


COMMUNICATIONS 


PRODUCTS 


We  Buy  and  Sell 

New  and  Refurbished 

Fuily  Guarar 
Overnight  Delivery 


_  C  'SCO 


Inclu  ling  IGX, 
Bi  [  &MGX 


n-  A  ■  ' : 

t  v,;;--  • 


Route 
Switches 
Interface  modules 
Access  Servers 
Muxes 
DSU/CSU's 


Nortel  (Bay)  Networks 
Lucent (Ascend) 

^  Juniper  ■  Extreme  -  Foundry 
Adtran  ■  Larscom  ■  ADC  &  others 


www.mlcp.com 

sales@mlcp.com 


800-T0-MULTI  800-866-8584 


How  Do  You 
Distribute 

20,000  Watts  in 

Your  Cabinet? 


iti 


Server 

Technology 


S.oJutiohsifOr  thc  Data  Center  E-ggipmenf  Ca'6:net:. 


Sentry  CDU  Cabinet  Power  Distribution 


Power  demands  from 
today's  new  servers  require 
greater  power  distribution 
in  the  equipment  cabinet. 
The  Sentry  CDU  distributes 
power  for  up  to  42  dual¬ 
power  1 U  servers  in  one 
enclosure.  Single-phase  or 
3-phase  input  With  110  VAC, 
208  VAC  or  mixed  110/208 
VAC  single-phase  outlet 
receptacle  , 


High-density  Equipment  Cabient  Power  Distribution  « 

84-Outlet  Receptacles « 

20,000  Watt  3-Phase  Power  Distribution  Model 

10,000  Watt  208  VAC  Power  Distribution  Model 

True  RMS  Power  Monitoring  per  Branch  Circuit « 
Local:  Digitial  Displays,  Remote:  via  Interface 

Input  Power  Monitoring  Facilitates  Load  Balancing 

Web  Interface  « 

SNMP,  MIB  &  Traps  « 

Integrated  Temperature  &  Humidity  Probes 

Color-coded  Outlets  by  Branch  Circuit/Electrical 
Phase  for  Easy  Identification 

Center  Rail  "Notch"  for  Simplifying  Cabinet  Installation  « 


Server  Technology,  Inc. 

1040  Sandhill  Drive 
___  Refo.Y. 


toll  free +1.800.835.1515 

tel  +s.  7,7:5. m?  000 
fax  +1 .775,284.^065 
www.serveiiecti.com 
sales@seFVertech.com 


© Server  Technology,  Inc  Sentry  is  a  trademark  of  Server  Technology.  Inc 


SENSAPHONE 


IM5-4DDD 


Sends 

SNMP 

Messages 


Monitors 

64 

IP  addresses 


Embedded 

Web 

Server 


Sends 

E-Mail 


Power 

Outage 

Alarming 


Internal 

UPS 


Power 

Control 

Interface 


Internal  Voice, 
Ethernet  Modem 
Port  &  Pager  Port 


8  R|-45  Sensor  Inputs 

(Temperature,  Humidity, 
Water,  Motion,  Power, 
Smoke/Fire) 


Microphone 

(or  Sound 
Monitoring 


BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


•  Eight  environment  inputs 

•  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

•  Expands  to  256  sensors 

•  Remote  power  control 

•  Optional  camera 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 


Tel:  877-373-2700 
www.ims-4000.com 


Ph<  letics,  Inc. 
901  Tryens  Road 
Aston,  PA  19014 


SERVERS  WITHIN  YOUR  REA  H 
FROM  ANYWHERE  ^ 


LC  :al  or  remote  server  m  anagement  solutions 


I  ? 


. 


•v 
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UltraMatrix™ 

Remote 


MATRIX  KVM  SWITCH  WITH 
INTEGRATED  REMOTE  ACCESS  OVER  IP 


UltraMatrix™ 

E-series 


PROFESSIONAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 


KVM  OVER  IP 


System-wide  connectivity  locally  or  over  IP  from  any 
location  worldwide 


KVM  SWITCH 


i  frnWntri  mote 


URroMuH*  nemot* 


UH'oMolw  Remote 


Connects  1,000  computers  to  up  to  256  user  stations 
Supports  PC,  Sun,  Apple,  USB,  UNIX, 
ana  serial  devices 

High  quality  video  up  to  1280  x  1024 

Secure  encrypted  operation  with  login  and  computer 

access  control 

Scaling,  scrolling,  and  auto-size  features 

View  real-time  4  computer  connections  using  the  quad- 

screen  mode 


PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

On-screen  menu  informs  you  of  connection  status 

between  units  in  an  expanded  system 

Powerful,  expandable,  low  cost 

No  need  to  power  down  most  servers  to  install 

Security  features  prevent  unauthorized  access 

Free  lifetime  upgrade  of  firmware 

Video  resolution  up  to  1600  x  1280 

Available  in  several  models  • 

Easy  to  expand 


The  UltraMatrix  Remote  represents  the  next  generation  in  KVM  switches.  It 
not  only  provides  a  comprehensive  solution  for  remote  server  console  access, 
this  access  can  be  local  or  from  any  workstation  on  your  network  over  IP. 


The  UltraMatrix  E-Series  represents  the  latest  in  KVM  matrix  switch 
technolog,  at  an  affordable  price.  The  E-Series  allows  you  to  connect  up  to 
256  users  to  as  many  as  1,000  computers.  The  UltraMatrix  E-Series  is 
available  in  several  sizes:  2x4,  2x8,  2x16,  4x4,  4x8,  4x16,  1x8,  and  1x16 
and  either  PC  or  multi-  platform. 


UltraConsole™ 

KVM  SWITCH 


SINGLE  USER  KVM  SWITCH 


Supports  PC,  Sun,  UNIX,  Linux,  USB,  and  serial  devices 
Supports  serial  devices  such  as  routers  and  emulates 
VT100/220  terminals 

Plug-in  expansion  cards  allow  the  system  to  easily  be 

expanded  as  the  system  grows 

An  expanded  system  can  connect  up  to  1,000 

computers  to  a  console  user  station 

Powerful  and  expandable,  yet  low  cost 

Video  resolution  up  to  1600  x  1280 

On-screen  menu  informs  you  of  connection  status 

between  units  in  an  expanded  system 

Multi-lingual  Menu  (English,  French,  German,  Spanish, 

Italian,  Portuguese) 


CrystalView  Pro™ 

EXTENDER 
OVER  FIBER 


DVI/VGA  DIGITAL  KVM 
EXTENDER  OVER  FIBER 


DVI  and  VGA  video  modes 

■  PC  and  USB 

■  PS/2  and  USB  keyboards  and  mouse. 

■  Full  stereo  audio  (optional) 

Serial  (optional) 


<r  / 


RCA' 


Ethernet  lOBaseT  Network  management  (optional) 
Extend  a  KVM  station  from  a  CPU  using  fiber  cable: 

■  (MultiMode)  62.5-micron  cable  tp  to  650  ft 

■  (MultiMode)  50-micron  cable  up  to  1,300  ft 

■  (SingleMode)  9-micron  cable  up-to  33,000  ft 
(6  miles) 

Video  resolution  up  to  1600  x  1200 


Flexible  modular  architecture 


.  .  ;  V/.  • 


.  •  /•  "  '  r. 


The  UltraConsole  represents  the  latest  in  KVM  switching  technology  at 
affordable  prices.  The  UltraConsole  allows  for  a  central  user  station  to  connect 
to  four,  eight,  or  sixteen  computers  per  chassis,  expandable  to  as  many  as 
1,000  computers,  servers,  or  serial  devices. 


The  CrystalView  Pro  fiber  is  the  KVM  extender  of  choice  for  businesses  that 
need  to  extend  and  operate 


distance. 


a  computer,  server,  or  KVM  switch  from  a  great 

il/nr  fhir  nArriKIn  h  1 1  fhn  i  i  rrt  Ctlnd-ird  fihAr 


The  CrystalView  Pro  fiber  makes  this  possible  by  the  use  Of  standard  fiber  .  ,  -  . 


■  KVM  RACK  DRAWER  WITH  KVM  SWITCH  OPTION 

The  RackView  offers  the  latest,  most  efficient  way  to 
organize  and  streamline  your  server  rooms  and 
multiple  computers.  The  RackView  is  a  rack 
mountable  KVM  drawer  neatly  fitted  in  a  compact 
pull-out  drawer.  This  easy-glide  KVM  drawer  contains 
a  high-resolution  T FT/LCD  monitor,  a  tactile 
keyboard,  and  a  high-resolution  touchpad  or  optical 
mouse. 


RackView 

Fold-Forward 


RackView  RackView 

Fold-Back  LCD  Monitor 


RackView 

Keyboard 


ROSE  US 
ROSE  EUROPE 
ROSE  Asia 
ROSE  Australia 


+281  933  7673 
+44  (0)  1264  850574 
+65  6324  2322 
+617  3388  1540 


800-333-9343 

www.rose.com 


ELECTRONICS 


»  Secure  Shell  (SSHv2)  Encryption 
a  Simultaneous  SSH  or  Telnet 
«  TACACS  &  RADIUS  Authentication 
a  Dial-Back  Security  on  Modem  Port 
s  Command  Logging  with  Audit  Trail 
a  SYSLOG  Reporting 
b  ntp  Server  Ready 
b  Any-to-Any  Port  Switching 
b  Non-Connect  Port  Buffering 
b  Port-Specific  Password  Protection 
b  Data  Rate  Conversion 
b  Rack  Mountable  -  Requires  1  Rack  Unit 
a  115/230  VAC  or  -48  VDC  Models 

The  SCM-1 6  Secure  Console  Management  Switch  provides  in-band  and 
out-of-band  access  to  RS232  console  ports  on  UNIX  servers,  routers  and  any  other 
network  elements  which  have  a  serial  console  or  craft  port.  System  administrators 
can  access  serial  maintenance  ports  over  the  network  via  SSH  connections  and  simple, 
menu-driven  commands  or  through  a  discrete  TCP  port  connection,  mapped  directly  to 
one  of  the  SCM-1 6  serial  outputs. 

-I  Visit  Website  for  Complete  NetReach  ™  Product  Line 

“inn  □  (800)  854-7226  •  www.wti.com 

Li  LJ  I  |“|  5  Sterling  •  Irvine  •  California  92618-2517 

U  (949)586-9950  •  Fax:(949)583-9514 


Web  Browser  Interface 
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Yes,  We  are  Customer  Friendly! 

✓  Two  Year  Warranty 

✓  We  Stock  for  Same  Day  Shipment 

✓  30  Day  Return  Policy 

✓  Call  or  Email  for  an  Online  Demo 


western  telematic  incorporated 


©r  Out-Of-Band  Access  to  Consoles  at  Remote  Locations 


INTELLIGENT 


ETHERNET 


LOOKING  FOR  INTELLIGENT  ETHERNET  SOLUTIONS? 

LOOK  NO  FURTHER. 


■V  WITH  EIHERJACK®  FROM  C0VAR0  NETWORKS  you'll  have  all  the  Ethernet 
"  p^retatiQ&s,  administrations  and  maintenance  capabilities  that  you'll  need  to  offer  an  intelligent, 

.  ^differentiated  arid  profitable  Ethernet  service. 

• 

'^ery.Etherjack"'  port  on  the  Covaro.  Connection  family  of  products  contains  an  Ethernet  NID 
friction  to  enable  remote  monitoring,  testing  and  diagnostics  on  both  sides  of  the  network.  In 
;;  J'idtf(tfon,  the  Etherjack'  demarcation  point  incorporates  an  Ethernet  UNI  with  advanced  service 
v:.‘  definition  to  enable  the  classification  and  prioritization  of  customer  traffic.  And  all  of  our 
/  solutions  are  aligned  with  emerging  EFM,  MEF  and  ITU  standards  definitions. 


'..  .‘  Fdri  mdfe Information  on  Etherjack”, and  our  full  suite  of  Ethernet  extension,  aggregation  and 
>^enjsfrcaiion  solutions  go  to:  http://www.covaro.com/intelligent 

;,aV  .Av*.-.  .  ' 

Visit  Covaro  at  Networld  +  Interop  2005 
•  May  3-5,  Booth  #2256 

Vtr  v£*. Inc  AJi. rights  reserved  Covaro  Networks  the  Covaro  logo 
'^^Tj‘  C^f^>r>pc)iore)rodefnQrfii  dr  registered  tradcmorks  gf  Covaro  Networks,  Inc 


Covaro 


Production  Tracking  Over  Ethernet 


BBQQQGSi 
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Eliminate  your  shop-floor 
PCs  with ... 

Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 


Features  &  Benefits 

•  Interactive  Telnet  Client 

•  TCP/IP  over  10/IOOBaseT  Ethernet 

•  Built-in  Barcode  Badge  Reader 

•  Optional  Mag-Stripe  &  RFID  Ba<  ge  Reader 
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interop  News 

Cisco’s  many  WLAN  blueprints 

The  company  is  offering  several  ways  to  connect  various  networks  with  secure,  managed 


WLANs. 


Larger  offices  with 
current  Cisco  LANs  can 
overlay  Airespace  WLANs 
onto  the  wired  network. 
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Small  branch 


Aierspace  WLAN 
switch  and  access 
points 


Routers  with 
integrated  WLAN 
and  switching 
support  all  devices 
in  small  offices. 


Large  companies  can 
integrate  WLANs  into 
current  Catalyst 
switch  architecture. 


Large  enterprise/corporate  headquarters 
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We’ll  support  both  Airespace  and 
Cisco  products.” 

Although  the  goal  is  integration, 
neither  executive  gave  much 
detail  about  how  that  will  be 
achieved.  Galloway  says  Cisco 
will  keep  offering  the  two  WLAN 
alternatives,  even  as  it  gradually 
shifts  key  functions  into  Cisco 
switches  and  routers. 

“It  takes  forever  for  Cisco  to  kill 
a  product  line,”  says  Abner 
Germanow,  director  of  Enterprise 
Infrastructure  with  IDC.“The  chal¬ 
lenge  [for  Cisco]  is  stepping  up 
and  explaining  where  each 
WLAN  architecture  is  most 
appropriate.” 

WLAN  evolution 

The  WLAN  market,  unlike  the 
more  mature  and  stable  Ethernet 
switch  market,  continues  to  breed 
innovation,  Germanow  says.  “The 
market  is  moving  from  ‘one  size 
[architecture]  fits  all’  to  ‘multiple 
sizes,’  ”he  says.  Whereas  Cisco  and 
Airespace  spent  the  last  two  years 
bashing  each  other’s  architecture, 
now  they’re  “one  big  happy  fami¬ 
ly”  precisely  because  they  can 
offer  customers  whichever  archi¬ 
tecture  they  prefer,  he  says. 

And  of  course  the  names  have 
been  changed:  The  Airespace 
products  have  been  re-branded 
the  Cisco  100  Access  Fbint,  the 
Cisco  2000  and  4100  WLAN 
Controllers,  and  Cisco  Wireless 
Control  System  for  network  man¬ 
agement.  They  join  the  Aironet 
access  points,  Catalyst  6500  series 
switch  with  the  Wireless  LAN 
Services  Module  and  CiscoWorks 
Wireless  LAN  Solutions  Engine  to 
manage  them. 

Galloway  says  they  are  focusing 
on  three  integration  areas.  The 
first,  due  sometime  later  this  year, 
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will  be  software  that  will  let  cur¬ 
rent  Aironet  access  points  talk  to, 
and  be  managed  by,  an  Airespace 
controller. This  new  code  will  add 
Lightweight  Access  Point  Proto¬ 
col  to  the  Aironet  devices,  along 
with  other  features  the  Cisco 
executives  wouldn’t  disclose. 

“Customers  are  hugely  positive 
about  this,"  Galloway  says.  “They 
can  use  an  Airespace  controller 
for  security  and  ease  of  use,  also 
use  our  intrusion-prevention  fea¬ 
tures  and  location  services,  and 
we  aren’t  going  to  make  them  rip 
out  their  Cisco  access  points.” 

In  the  meantime,  a  number  of 
Airespace  software  upgrades  and 
new  products  under  develop¬ 
ment  at  the  time  of  the  acquisi¬ 
tion  will  roll  out  in  coming 
months.  These  will  include  a  new 
high-end  switch  and  an  outdoor 
wireless  mesh  access  point. 


The  second  area  of  integration 
will  involve  moving  software 
functions,  from  Cisco  WLAN  prod¬ 
ucts  and  the  Airespace  controller, 
into  a  range  of  other  network  de¬ 
vices,  including  switches  and 
routers.  Cisco  has  been  moving  in 
this  direction  for  more  than  a 
year,  introducing  last  year  the 
Wireless  LAN  Services  Module, 
which  slots  into  the  Catalyst  6500 
switch.  Now  this  effort  will 
include  the  Airespace  software. 
“We  delivered  our  technology  in 
an  appliance,  but  the  core  is  real¬ 
ly  software,"  Galloway  says. 

IDC’s  Germanow  thinks  corpo¬ 
rate  executives  are  sometimes 
ambivalent  about  an  integrated 
wired  and  wireless  network,  large¬ 
ly  because  of  the  potential  to 
have  to  change  router  and  switch 
configurations.  “They  want  an 
integrated  infrastructure,  but 
sometimes  it’s  just  easier  to  do  a 
WLAN  as  an  overlay  network.” 

The  third  area  of  integration  will 
involve  shifting  a  range  of  WLAN 
security  functions,  such  as  ele¬ 
ments  of  802.1  li  encryption  and 
key  management,  802.  IX  authen¬ 
tication,  and  wireless  intrusion 
detection  and  prevention,  into 
Cisco’s  emerging  “self-defending 
network”  effort.  Neither  executive 
would  provide  more  detail. 

Cisco’s  Network  Access  Control 
(NAC)  program,  through  which 
Cisco  is  trying  to  gain  greater  con¬ 
trol  over  client  devices  attempt¬ 
ing  to  access  the  network,  is  part 
of  the  self-defending  network 
vision. 

One  benefit  of  the  Cisco  acqui¬ 
sition  is  the  ability  to  influence 
client  direction,  Galloway  says.'As 


a  small  company,  Airespace  had 
no  ability  to  focus  on  or  influence 
the  wireless  client,”  he  says.“Cisco 
has  partnerships  with  companies 
like  Intel  to  do  just  this.  As  Aire¬ 
space,  we  could  only  deal  with 
half  of  the  [wireless]  equation.” 

Wild  West 

“To  enterprise  users,  the  client 
device  world  is  like  the  Wild 
West,”  Germanow  says.“You  don’t 
have  a  whole  lot  of  control  over 
the  client.  Cisco  is  big  enough  to 
be  able  to  go  to  Intel,  Microsoft, 
Atheros  [a  leading  WLAN  chip 
maker]  and  say ‘if  you  change  X, 
it  will  ease  these  support  and 
troubleshooting  issues  for  our 
customers.’ “ 

Radio  frequency  management, 
and  voice  over  Wi-Fi,  with  its 
attendant  need  for  high  quality  of 
service  and  fast,  secure  roaming 
(the  focus  of  the  IEEE  802.1  lr 
work),  are  two  areas  where  this 
collaboration  on  the  client  will 
directly  benefit  enterprise  users, 
Leonard  says.  The  client  wireless 
network  interface  cards  will  be 
able  to  play  a  role  in  manage¬ 
ment  of  the  radio  frequency  envi¬ 
ronment,  providing  more  discrete 
control,  and  it  will  be  possible  to 
push  QoS  rules  down  to  clients 
for  converged  environments. 

Galloway  says  corporate  WLANs 
will  need  that  level  of  control  to 
meet  the  demand  for  new  wire¬ 
less  applications  “You  put  in  wire¬ 
less  infrastructure  and  it  pulls 
applications  into  it,”  he  says. 
“Networks  breed  applications 
and  applications  drive  net¬ 
works.  It  works  in  a  circle." 

In  related  news  this  week  at 


IT  team  the  needed  metrics  to  better  support  the  business’  critical 
applications.  He  is  evaluating  BusinessPulse. 

“'This  type  of  tool  could  monitor  customer-facing  components  and 
how  they  actually  respond  on  the  Web.  It’s  collecting  real  user  data;  it’s 
not  a  simulation,”  he  says.“If  customers  lose  availability  we  could  dig 
into  the  data  to  see  why,  what  happened,  when  they  dropped  off.” 

According  to  industry  watchers,  network  managers  will  be  more 
pressed  to  know  the  real-world  user  experience  with  their  companies’ 
customer-facing  Web  applications. 

“IT  managers  haven’t  really  focused  on  end-user  monitoring. 
Historically,  they’ve  had  to  deal  with  other  issues  like  reliability  scala¬ 
bility  availability  and  security  And  those  continue  to  be  core  responsi¬ 
bilities.  but  more  and  more  end-user  satisfaction  with  applications  is 
becoming  part  of  a  network  manager’s  job,”  says  Ray  Valdes,  an  analyst 
with  Gartner. 

Senior  Editor  Tim  Greene  contributed  to  this  story. 
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Interop,  Cisco  is  set  to  showcase 
new  routers  with  built-in  WLANs 
based  on  the  Cisco  Aironet  prod¬ 
ucts.  The  routers,  and  router 
boards,  now  will  be  able  to  han¬ 
dle  WLAN  traffic,  as  well  as  local 
Ethernet  connectivity  and  WAN 
connections,  creating  a  network- 
in-a-box  device  that  can  be  de¬ 
ployed  easily  across  many  loca¬ 
tions,  the  vendor  says. 

New  routers  include  the  Inte¬ 
grated  Services  Router  (ISR)  800 
and  1800  series.  Cisco  also  is 
announcing  WLAN  access  point 
modules  for  its  higher-scale  ISR 
routers,  as  well  as  higher-density 
power-over-Ethernet  (FbE)  switch 
modules,  and  new  blades  that 
offers  improved  network  analysis 
management. 

All  ISR  1800  series  routers  can 
act  as  an  802.1  la,  b  and  g  access 
point,  and  include  an  eight-port 
10/100M  bit/sec  Ethernet  switch 
with  FbE.  Pricing  starts  at  $1,300. 

The  ISR  870  and  860  are  aimed 
at  small  offices  or  teleworkers. 
The  870  includes  an  802.1  Ig 
radio,  QoS  support  for  WAN  traffic 
and  a  four-port  10/100  LAN 
switch  with  FbE.  Different  models 
are  available  with  integrated  DSL 
or  an  Ethernet  port  for  cable 
modem  connectivity.  The  850 
includes  802. 1  lg,  four  LAN  ports 
(without  FbE)  and  DSL  or  cable 
modem  support.  The  870  series 
starts  at  $650  and  the  850  series 
starts  at  $400. 

All  of  Cisco’s  ISR  products 
include  VPN,  firewall,  intrusion 
detection  and  URL  filtering  capa¬ 
bilities  embedded  in  hardware  on 
the  router,  as  opposed  to  running 
as  software  services  or  expansion 
modules  in  the  device. 

A  Pleasanton,  Calif.,  firm  that 
provides  outsourced  logistics  and 
warehouse  management  services 
to  manufacturing  companies  will 
deploy  ISR  1800  routers  with  inte¬ 
grated  WLAN  over  the  next  sever¬ 
al  months. 

“I  like  the  office-in-a-box  idea,” 
says  Grant  Opperman,  chief 
technologist  at  D.W.  Morgan 
Company,  which  often  sets  up 
small  field  offices  at  employee 
warehouse  or  logistic  sites, 
sometimes  in  temporary  struc- 
tures.“I  see  us  being  able  to  get  a 
customer  signed  on  a  Friday  and 
have  an  office  opened  on  their 
site  by  Monday? 

He  says  the  integrated  WLAN 
capabilities  also  could  help  his 
company  roll  out  WLAN-sup- 
ported  bar  code  scanning  and 
inventory  tracking  systems  at 
customer  sites.  VoIP  over  WLANs 
is  another  potential  application 
he  is  looking  at  with  the  ISR 
boxes.  ■ 
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We  triple-dog-dare  you. 


Trojans,  worms,  viruses,  and  application  attacks  don't  scare  the 
all-in-one  Sidewinder  G/  Security  Appliance.  It  scares  them! 

It  detects  and  stops  them.  It  protects  thousands  of  networks  all 
over  the  world  and  it  can  protect  yours.  It  includes  the  world's 
strongest  application-layer  firewall  that  has  never  been  compro¬ 
mised.  You  can  even  add  optional  anti-virus,  anti-spam,  e-mail 
and  Web  content  filtering,  SSL  VPN,  and  more. 

For  a  free  evaluation,  call  1  800  379-4944. 

New  Security  Assessment  Report  Available!  Read  Black  Hat  Consulting's 
Security  Assessment  Report  on  the  Sidewinder  G2  Security  Appliance.  This 
report  details  how  this  appliance  handles  real-world  attack  methodologies, 
ranging  from  layer  two  to  layer  seven  attack  methods  as  referenced  against 
the  OSI  model.  Visit  www.securecomputing.com/goto/blackhat 


COMMON  CRITERIA 

EAL4  +  CERTIFIED 


Securing  the  connections  between  people,  applications,  and  networks  ™ 

All  trademarks  used  herein  belong  to  their  respective  owners 


Firewall/Security  Appliance 
Sidewinder  G2®  Security  Appliance 
Sidewinder  G2®  Enterprise  Manager 

Strong  Authentication 
SafeWord"'  RemoteAccess'" 

SafeWord'  RemoteAccess,™  Cisco  compatible 
SafeWord®  PremierAccess 
SafeWord'  for  Check  Point 
SafeWord*  for  Citrix"'  MetaFrame* 

SafeWord'  for  Nortel  Networks 

Web  Filtering 

SmartFilter,®  Sentian,™  Bess* 

www.securecomputing.com 
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State  Farm 
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are  essentially  rolling  claims  offices. 

A  kit  —  what  the  team  calls  a  WAN  in  a  can  —  is  a  trunk-size 
box  that  has  a  small  equipment  rack  inside. The  front  and  back 
unbuckle  and  pop  off  to  reveal  a  Cisco  PIX  firewall,  a  Cisco 
Catalyst  2950  switch,  an  HP  print  server  (in  many  but  not  all 
cans),  and  the  appropriate  interface  for  the  type  of  WAN  link  to 
be  used  —  dial  up,T-l  or  very  small  aperture  terminal. 

“We  have  enough  kits  to  support  150  total  sites  at  any  one  time,” 
Cox  says.That’s  our  [service-level  agreement]  with  the  State  Farm 
Catastrophe  Services  group.”  There  are  90  dial-up  kits  (40  outfitted 
with  print  server  appliances),  30  forT-1  links  and  33  for  use  with 
VSATs. 

When  catastrophe  strikes,  the  company  estimates  the  extent  of 
the  damage  and  the  number  of  likely  claims,  and  then  responds 
in  kind.  The  goal  is  to  set  up  shop  as  close  as  possible  to  the 
action,  and  that  often  means  renting  temporary  office  space  for 
claims  representatives  and  shipping  out  the  kits  and  other  gear 
necessary  to  bring  the  office  online. 

The  network  connection  of  choice  isT-l,but  often  the  lead  time 
is  too  great  or  the  telco  facilities  have  been  damaged  by  the  cat¬ 
astrophe,  as  was  the  case  last  year  in  hurricane-ravaged  Florida. 
In  those  cases VSAT  dishes  are  set  up  to  link  the  temporary  offices 
back  to  State  Farm  data  centers. 


CRVs  AND  MCFs 

Two  of  the  four  emergency  trucks  State  Farm  can  dispatch  have 
VSAT  antennas  mounted  right  on  the  roof. 

These  Catastrophe  Response  Vehicles  (CRV)  —  one  is  36  feet 
long  and  the  other  is  23  feet  —  can  be  deployed  directly  into 
afflicted  neighborhoods  and  are  essentially  self-contained 
offices,  Cox  says. 

The  smaller  of  the  two,  for  example,  is  outfitted  with  generators, 
UPS,  fax  machines,  printers  and  desk  space  for  four  with  Ethernet 
jacks, say  nothing  of  a  TV  refrigerator,  microwave  and  a  bathroom. 

When  this  CRV  arrives  on  the  scene,  pushing  a  single  button  will 
raise  the  3-foot-long  VSAT  antenna  on  the  roof.  It  uses  GPS  to  fig¬ 
ure  out  where  it  is  and  where  to  point  itself  to  acquire  the  appro¬ 
priate  satellite  signal. 

The  512K  bit/sec  Ku-band  link  supports  data  traffic, VoIP  to  the 
corporate  backbone,  DirecTV  for  Weather  Channel  access  and 
video  for  interactive  distance  learning. 

While  VoIP  over  satellite  has  the  usual  satellite  delay  the  sound 
quality  is  good,  he  says. What’s  more.it  mate  it  possible  for  State 
Farm  to  route  1-80OCLAIMS  calls  directly  to  the  truck,  if  need  be. 

The  two  CRVs  complement  two  similarly  outfitted  but  larger 
semi-truck  trailers  that  State  Farm  calls  Mobile  Catastrophe 
Facilities  (MCF).The  53-foot-long  MCF  trailers, which  expand  like 
large  recreational  vehicles, can  handle  four  to  five  teams  of  claim 
representatives  —  up  to  50  people  —  with  some  situated  inside 
and  others  working  outside  with  customers. 

While  the  CRVs  can  be  driven  right  into  neighborhoods,  the 
MCFs  are  designed  to  service  larger  areas.“We  get  permission  to 
park  an  MCF  in  a  Wal-Mart  or  Home  Depot  parking  lot,  pop  it 
open  and  start  processing  claims,”  Cox  says.“We  can  even  set  up 
a  drive-through  for  cars.”The  MCFs  can  be  tied  to  the  State  Farm 
network  via  VSAT  orT-1. 

After  a  Force  5  tornado  with  winds  greater  than  300  mph  ripped 
through  La  Plata,  Md.,  in  2002, State  Farm  deployed  an  MCpset  up 
shop  in  the  decimated  area  and  was  processing  claims  within  48 
hours,  Cox  says. 

Looking  down  the  road,  Cox  says  an  emerging  satellite  tech¬ 
nology  might  let  State  Farm  go  directly  to  a  customer’s  door.  So- 
called  broadband  global-area  network  technology  might  make 
it  possible  for  a  claims  representative  to  put  a  notebook-size 
antenna  on  top  of  his  car  to  establish  a  432K  bit/sec  link  to  State 
Farm  and  then  go  into  a  customer’s  house  and  use  a  wireless 
link  to  tie  back  to  the  antenna.  ■ 


Acquiring  minds 

In  trying  to  take  on  Cisco,  Juniper  has  emulated  it  by 
going  the  acquisition  route. 

Company,  price 

Peribit,  $337million 

Technology  focus 

WAN  optimization 

Deal  closed/closing 

Third  quarter 

Redline,  $132  million 

TCP  offload 

Second  quarter 

Kagoor,  $67.5  million 

Session  border  control 

Second  quarter 

NetScreen,  $4  billion 

VPN/firewall 

Second  quarter,  '04 

Unisphere,  $740  million 

Edge  routing 

Third  quarter,  ’02 

Pacific  Broadband, 
$200  million 

Cable  modem 
termination 

Fourth  quarter,  ’01 

Juniper 
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Admission  Control  program. 

Instead,  Juniper  controls  who 
has  access  to  what  network  re¬ 
sources  based  on  ensuring  end- 
user  devices  on  the  LAN  and  the 
WAN  are  properly  configured, 
policies  that  define  access  rights 
and  enforcement  points  in  front 
of  key  enterprise  resources,  says 
Kittu  Kolluri,  general  manager  of 
Juniper’s  security  products  group. 

In  particular,  Juniper  will  pro¬ 
tect  end-user  machines,  WAN 
gateways  and  devices  that  front- 
end  server  farms  —  such  as  the 
Redline  boxes,  which  offload  TCP 
processing  from  servers  and 
streamline  communications  with 
remote  users.  “If  we  can  protect 
these  three  strategic  points  in  the 
network,  we  can  achieve  a  lot  in 
terms  of  the  use  control  and 
threat  control,”  Kolluri  says. 

But  the  overlay  architecture  ulti¬ 
mately  might  limit  its  adoption, 
says  Rob  Whitely  an  analyst  with 
Forrester  Research,  because  com¬ 
petitors  are  working  on  standards 
to  support  quarantining  based  on 
switches.  After  switch-based  alter¬ 
natives  are  available  in  12  to  18 
months,  businesses  that  prefer 
separate  network  and  security 
architectures  still  will  be  interest¬ 
ed,  but  many  others  will  be  drawn 
to  switch-based  security  he  says. 

Under  Enterprise  Infranet,  both 
internal  and  external  users  will 
authenticate  to  the  network. 
Security  and  access  policies  for 
users  and  the  machines  they  are 
using  will  be  enforced  with 
Juniper’s  firewall/VPN  gear.  Even¬ 
tually  other  network  gear  will  act 
as  enforcement  points,  such  as 
routers  and  intrusion  detection 
and  prevention  gear  —  all  of 
which  Juniper  makes. 

This  leaves  out  switches,  some¬ 
thing  Juniper  lacks  and  which 
many  observers  think  the  com¬ 
pany  should  acquire.  “If  they 
want  to  attack  Cisco  seriously 
they  need  switches,”  Whitely 
says.  “If  they  just  want  to  attack 
[Cisco  based  on  security], 
they’re  doing  a  good  job.” 

Key  to  Enterprise  Infranet  is  a 
new  hardware  appliance  called 
Infranet  Controller  that  creates 
policy  associations  between  end- 
user  machines  and  Juniper  fire¬ 
wall/VPN  devices  that  protect  key 
network  resources.  Users  authenti¬ 
cate  to  the  Infranet  Controller,  Java 
and  Active  X  agents  assess  the 
security  of  the  device  and  the  de¬ 
vice  establishes  the  access  rights 
the  endpoint  should  be  granted. 

When  users  connect  to  a  re¬ 
source,  the  Infranet  Controller 


sets  up  an  IPSec  tunnel  between 
the  user  device  and  a  firewall/- 
VPN  enforcement  device  protect¬ 
ing  the  resource.  If  a  network 
attack  is  detected,  the  Infranet 
Controller  can  revoke  the  IPSec 
session  keys  to  shut  down  tun¬ 
nels,  says  Rod  Murchison, 
Juniper’s  senior  director  of  prod¬ 
uct  management. 

Enterprise  Infranet  parallels 
security-overlay  efforts  from  ven¬ 
dors  such  as  Check  Fbint  Soft¬ 
ware,  Caymas  Systems,  Vernier 
Networks,  newly  announced 
Lockdown  Networks  and  Cisco 
itself  via  its  Clean  Access  gear, 
Whitely  says.  “Juniper  will  pull 
more  weight  than  some  because 
it  has  more  of  a  security  name 
and  is  financially  stable,”  he  says. 

Using  some  of  its  financial  clout, 
which  includes  $1.1  billion  in 
cash  and  short-term  investments, 
Juniper  plans  to  buy  Peribit  ($337 
million),  a  developer  of  WAN  opti¬ 
mization  technology  and  applica¬ 
tion  front-end  vendor  Redline 
($132  million).  Both  vendors 
address  layer  4-7  switching,  which 
Juniper  says  will  let  it  provide 
application  acceleration  and  per¬ 
formance  assurance. 

WAN  optimization  enables  bet¬ 
ter  application  performance  over 
congested  WAN  links  by  making 
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more  efficient  use  of  TCP/IRcom- 
pressing  traffic  and  caching. 
Application  front-ends  offload 
TCP  processing  from  servers,  mul¬ 
tiplex  TCP  sessions  and  cache 
and  compress  traffic. 

“Application  acceleration  is  the 
best  kept  secret  in  networking,” 
Juniper  CEO  Scott  Kriens  said. 

The  acquisitions  also  bring  cus¬ 
tomers,  900  in  the  case  of  Peribit 
and  350  in  the  case  of  Redline. 
But  customers  have  reservations. 

“Peribit  has  had  a  road  map 
that’s  very  aggressive  and  they’ve 
delivered.  Does  this  mean  stagna¬ 
tion?”  asks  long-time  Peribit  cus¬ 
tomer  Martin  Cox,  technical  ser¬ 
vices  manager  for  planning  and 
development  at  BOC  Edwards 
Global  in  Wilmington,  Mass. 
However,  he  says  he  likes  the  idea 
of  one  company  controlling  Peri¬ 
bit  and  Redline  technology 

“With  Peribit  on  the  WAN  and 
Redline  at  the  edge,  if  they  get  it 
all  to  work,  it  could  be  quite  excit¬ 
ing  for  improving  application  per¬ 
formance,”  he  says. 

Cox  is  a  little  leery  of  the  tech¬ 
nology  winding  up  in  routers, 
though,  because  he’s  already  got 
routers.  “If  they  turned  it  into  a 
fancy  router  and  it  cost  the  same 
as  Psribit,  I  won’t  care.  If  it  costs 
more,  I  won’t  be  very  happy  ■ 
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Freedom  through  surveillance  data 


ince  our  discussions  a  few 
weeks  ago  about  the  use  of 
RFID  tags  to  track  schoolchild¬ 
ren,  I’ve  been  thinking:  What  about 
tracking  cars  and  trucks? 

Motorized  vehicles  are  without 
doubt  central  to  the  American  econ¬ 
omy  Remove  trucks  and  cars  and  go 
back  to, say,  horses  and  mules  and  we’d  grind  to  a 
commercial  halt. 

Now,  just  like  duct  tape  and  the  Force  in  “Star  Wars,” 
motorized  transport  has  both  a  light  side  and  a  dark 
side. That  dark  side  includes  the  theft  of  vehicles  and 
their  use  in  crimes  of  various  types.  What  if  we  man¬ 
dated  that  every  vehicle  on  the  road  must  carry  a 
certified  RFID  tag  —  much  like  the  road  tax  tags  you 
stick  on  your  license  plates? 

Roads,  freeways  and  junctions  would  have  RFID 
scanners  and  log  all  vehicles  that  passed.  If  a  vehicle 
should  pass  without  a  tag  or  the  tag  didn’t  match 
plates,  photos  would  be  taken  and  police  would  be 
sent  to  issue  tickets,  arrest  people  or,  if  as  occasional¬ 
ly  happens  in  L.A.,beat  them  with  truncheons. 

Just  consider  the  effect  this  could  have  on  crime. 
And  don’t  bother  to  say  anything  along  the  lines  of 
“The  bad  guys  could  swap  plates  and  tags  to  avoid 
detection.”  Sure  they  could,  but  that  would  only  be 
the  small  percentage  of  serious  criminals  who 


would  have  the  motivation  to  defeat  any  control  sys¬ 
tem  and  who  probably  already  get  around  today’s 
far  weaker  controls  anyway 

Another  thing  to  consider  is  speeding.  We  have 
laws  that  say  “thou  shalt  not  go  faster  than  the  post¬ 
ed  maximum  speed  or  thou  shalt  get  in  trouble.”The 
laws  don’t  say  anything  even  vaguely  like  “obey  the 
speed  limits  only  when  you  feel  like  it  or  when  a 
cop  is  in  sight,”  but  that’s  how  we  all  choose  to  inter¬ 
pret  them. 

And  this  is  despite  the  fact  that  everyone  knows 
speeding  is  dangerous:  In  2003,  the  most  recent  year 
for  which  statistics  are  available, 31%  —  that’s  13,380 
—  of  all  road  fatalities  in  the  US.  were  speed-related. 

With  a  vehicle-tagging  system  in  place,  when  the 
time  for  a  car  or  truck  to  go  between  two  check¬ 
points  is  less  than  the  best  time  that  could  be  ex¬ 
pected  driving  at  the  speed  limit,  ding!  An  automatic 
ticket  is  issued.  Speeding  and  the  associated  deaths 
would  become  things  of  the  past  within  a  few  years! 

I  know  what  some  of  you  will  be  saying:“What 
about  the  government  tracking  us?  What  about  our 
freedom?”  OK,  you  tell  me  what  such  a  system  could 
reveal  about  you  that  couldn’t  be  found  out  should 
the  government  decide  to  focus  their  beady  little 
eyes  on  you  using  other  methods?  What  use  is  it  to 
know  that  you  went  to  work  as  usual? 

Why  are  you  worried  about  the  government  abus¬ 


ing  this  kind  of  data  when  Experian  and  Acxiom 
have  detailed  profiles  of  most  of  us  available  for  a 
few  dollars?  Or  where  thieves  have  stolen  millions  of 
customer  records  from  the  IRS,  health-care  compa¬ 
nies,  and  so  on  without  much  difficulty? 

Then  there’s  Microsoft.  Bill  Gates  last  month  an¬ 
nounced  at  the  Windows  Hardware  Engineering 
Conference  that  Longhorn  will  incorporate  a  much- 
expanded  version  of  the  Watson  error-reporting  tool. 
Gates  said, “Think  of  it  as  a  flight-data  recorder, so 
that  any  time  there’s  a  problem,  that  ‘black  box’  is 
there  to  help  us  work  together  and  diagnose  what’s 
going  on.”  Right.  No  chance  of  clandestine  observa¬ 
tion  there. 

I  figure  the  more  monitoring  the  better  because 
given  the  petabytes  of  data  that  these  surveillance 
systems  would  generate,  the  boys  with  the  black  hats 
would  need  a  very  good  reason  to  track  you  simply 
because  of  the  cost  and  complexity  involved. 

We  are  already  under  intense  surveillance  and 
even  more  is  in  our  futures. Why  fight  the 
inevitable?  Let’s  give  them  huge  quantities  of  what 
they  think  they  want  and  make  sure  we  keep  our 
freedom. 

You  know  you  want  to  write  —  try  backspin 
@gibbs.com.  And  need  /  say  it?  Check  Gearblog 
(www.  networkworld.  com /weblogs /gearblog). 
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News,  insights,  opinions  and  oddities 


By  Paul  McNamara 


Took  a  licking  and . . . 

Turns  outthatThe  Smoking  Gun  only 
winged  Stamps.com  after  all. 

You  might  recall  that  last  fall  we  told  the  story  of  how  a  test  run  of  Stamps 
.corn’s  wildly  popular  PhotoStamps  service  had  been  suspended  by  the  U.S. 
Postal  Service  in  the  wake  of  embarrassing  publicity  brought  upon  it  by  the  merry 
pranksters  at  www.thesmokinggun.com,  PhotoStamps  was  designed  to  let  con¬ 
sumers  order  personalized  postage  online  that  features  photographs  of  them¬ 
selves,  loved  ones  or  favorite  scenes.  It  was  a  spectacular  hit,  as  virtually  every 
media  outlet  in  the  country  did  a  story  about  the  service.  Some  83,000  images 
were  uploaded  in  just  seven  weeks,  and  Stamps.com  —  an  8-year-old  company 
that  only  last  year  registered  its  first  profitable  quarter —  raked  in  $2.3  million  in 
relatively  easy  revenue. 

ButthenThe  Smoking  Gun  went  bang-bang.  Best  known  for  posting  celebrity 
mug  shots  and  salacious  court  documents  —  the  Web  site  decided  it  would  be 
amusing  to  exploit  what  appeared  to  them  to  be  a  door  left  wide  open  to  trouble. 
So  the  editors  of  the  site  ordered  and  were  unquestioningly  issued  nine  sheets  of 
PhotoStamps  that  depicted  the  likes  of  UnabomberTed  Kaczynski,  Yugoslavian 
war  criminal  Slobodan  Milosevic,  and  executed  spies  Julius  and  Ethel  Rosenberg. 

When  the  gunslingers  told  the  world  what  they'd  done,  Stamps.com  found  its 
new  golden  goose  simmering  in  a  pot  of  controversy.  PhotoStamps  was  suspend¬ 
ed  in  September  and  its  fate  appeared  uncertain. 

Last  week  that  uncertainty  cleared  as  the  company  announced  it  received  the 
blessing  of  postal  authorities  to  launch  a  new  one-year  test  of  PhotoStamps 
beginning  May  17,  with  pre-orders  being  accepted  now  at  www.photostamps.com. 

But  what's  to  stop  Internet  wise  guys  from  shooting  more  holes  in  the  service? 

“We  did  it  because  we  thought  at  least  initially  they  were  going  to  have  a  tough 
time  stopping  people  from  abusing  or  attempting  to  abuse  the  system,”  says  Bill 


Bastone,  editor  ofThe  Smoking  Gun.  "They’ve  probably  figured  it  out  now  so  that 
if  you’re  trying  to  get  a  serial  killer  or  a  dictator  on  a  stamp,  it’s  just  not  going  to 
happen.” 

There’s  no  probably  about  it,  says  Stamps.com  CEO  Ken  McBride. 

"We’ve  spent  the  seven  months  since  the  first  market  test  ended  improving  our 
processes,"  McBride  says.  “We  hired  and  trained  some  additional  screening  per¬ 
sonnel  with  expertise  in  world  history  and  world  culture,  and  we’ve  built  a  huge 
database  of  images  that  our  screeners  will  be  on  the  lookout  for,  as  well  as  other 
capabilities  that  will  help  the  human  screening  process." 

As  a  backstop,  the  company  has  fortified  its  acceptable- use  policy  that  pro¬ 
hibits  ordering  stamps  that  depict  celebrities,  criminals  and  assorted  bad  actors 
—  with  the  definition  of  "bad”  extraordinarily  broad. 

“So  the  only  way  to  sneak  something  through  will  be  to  violate  the  terms  and 
conditions,  and  we’ll  have  to  figure  out  at  that  point  what  kind  of  steps  we  might 
take  to  go  after  someone  who  does  it,”  McBride  says. 

He  means  the  company  is  likely  to  unleash  the  lawyers.  Here’s  a  nugget  from  the 
terms-of-use  policy  that  should  dissuade  all  but  the  most  imprudent  of  pranksters: 

"In  the  event  you  violate  these  Content  Restrictions  and  you  intentionally  publi¬ 
cize  such  violation,  you  acknowledge  that  Stamps.com  will  suffer  substantia! 
damage  to  its  reputation  and  goodwill  and  that  you  can  be  liable  for  causing  such 
substantial  damage." 

They’re  serious.  In  fact,  a  colleague  expressed  interest  in  ordering  Photo¬ 
Stamps  for  his  89-yegr-old  mother-in-law’s  upcoming  90th  birthday  celebration 
and  I  advised  him  to  make  sure  the  woman  doesn’t  have  a  rap  sheet  before  plac¬ 
ing  his  order. 

One  thing  McBride  probably  won’t  have  to  worry  about,  however,  is  another  shot 
from  The  Smoking  Gun.  Says  editor  Bastone  about  PhotoStamps’  reprieve:  "It  may 
not  seem  so  given  our  little  gambit  last  summer,  but  we’re  kind  of  happy  for  them." 

The  address  is  buzz@nww.com.  Don’t  forget  the  postage. 
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